topic Re: Send logs to additional Syslog Server directly from Security Gateways managed by Smart-1 Cloud in General Topics

Send logs to additional Syslog Server directly from Security Gateways managed by Smart-1 Cloud

L3on — Mon, 17 Feb 2025 15:07:57 GMT

Hello mates,

A customer needs to send logs to a Syslog Server directly from Security Gateways which are managed by Smart-1 Cloud SMS.

Where has the "Send logs and alerts to these log servers" table gone inside the Cluster object Logs menu?

In OnPrem deployments to add syslog servers to forward logs directly from the gateways you can double-click the Security Cluster object, then click "Logs" in the left menu tree and add a third party syslog server in the "Send logs and alerts to these log servers" table.

I can't seem to find this table anymore in the security cluster object which is managed by Smart-1 Cloud SMS.
Is there any workaround to this or should I use the Log Exporter in the Infinity Portal?

Is there another way to forward Gateway logs to a syslog server in parallel to the S1C which already receives the logs?

Please, also find a screenshot attached with the Log options inside the Cluster object.

Re: Send logs to additional Syslog Server directly from Security Gateways managed by Smart-1 Cloud

AkosBakos — Mon, 17 Feb 2025 15:33:41 GMT

Hi @L3on

My opinion is that, using cp_log_export is much more easier/safer, but oldschool.

What kind of logs want you to forward? Traffic logs? If yes:

NetFlow Export https://support.checkpoint.com/results/sk/sk102041

You can send logs direcly from the gateway. There are limitations, so start with this chapter.

Q: Cluster object, then click "Logs" in the left menu tree and add a third party syslog server in the "Send logs and alerts to these log servers" table.

or:

Akos

Re: Send logs to additional Syslog Server directly from Security Gateways managed by Smart-1 Cloud

L3on — Mon, 17 Feb 2025 15:54:09 GMT

Thanks for the quick response.
I need to send firewall logs to the syslog at the same time they are being sent to the SMS.

Re: Send logs to additional Syslog Server directly from Security Gateways managed by Smart-1 Cloud

AkosBakos — Mon, 17 Feb 2025 16:27:32 GMT

Ok, then the it is simple. You configure a cp_log_export on the SMS, and when the log arrives, it will be sent immediately to the external SYSLOG server.

Here is the guide, or this

Syntax:

cp_log_export add name <Name> [domain-server {mds | all}] target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {udp | tcp} format {syslog | splunk | cef | leef | generic | json | logrhythm | rsa} [<Optional Arguments>]

Akos

Re: Send logs to additional Syslog Server directly from Security Gateways managed by Smart-1 Cloud

PhoneBoy — Mon, 17 Feb 2025 23:58:54 GMT

If gateways are managed by Smart-1 Cloud, logs can only be exported from Infinity Portal using Log Exporter (note this requires a specific SKU).
You can configure syslog on the gateway as @AkosBakos suggested, which should send firewall logs (not other blades) as they arrive on the gateway to the configured syslog server.

Re: Send logs to additional Syslog Server directly from Security Gateways managed by Smart-1 Cloud

L3on — Tue, 18 Feb 2025 07:50:59 GMT

Thank you for reply!
But with the syslog configuration on the gateway, would the firewall logs still be forwarded to the Smart-1 Cloud SMS as well?
Or would they be missing from the logging in the Logs&Monitor view in the Infinity Portal?

Re: Send logs to additional Syslog Server directly from Security Gateways managed by Smart-1 Cloud

PhoneBoy — Tue, 18 Feb 2025 21:05:47 GMT

The logs should still appear in Smart-1 Cloud, yes.
The syslog is "in addition to" in this case.