https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52447#M2069 <P>I think it is available since R77.20.80.</P> Thu, 02 May 2019 17:57:44 GMT Pedro_Espindola 2019-05-02T17:57:44Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/51829#M2026 <P>Can we send <SPAN>Check Point&nbsp;</SPAN><STRONG>730 Appliance system and security logs to AWS EC2 system directly through syslog configuration ?</STRONG></P> Thu, 25 Apr 2019 11:19:31 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/51829#M2026 ojuser 2019-04-25T11:19:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/51896#M2027 SMB device logs can be forwarded through syslog.<BR />Security Logs from SMB can only be forwarded through an OPSEC LEA connection (not syslog). Thu, 25 Apr 2019 23:27:19 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/51896#M2027 PhoneBoy 2019-04-25T23:27:19Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/51918#M2030 <P>Any idea how I can configure the logs from CP to AWS EC2 instance through&nbsp;<SPAN>OPSEC LEA. Do I need to configure anything extra as I don't have CP SMS licence in my environment. Please share some details / documents which can be helpful here. Thanks.</SPAN></P> Fri, 26 Apr 2019 03:44:45 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/51918#M2030 ojuser 2019-04-26T03:44:45Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/51920#M2031 You would need an SMS to receive the logs from the 730.<BR />That SMS could run in AWS using a PAYG license.<BR />Once on an SMS you could use Log Exporter to send the logs via syslog wherever it needs to go. Fri, 26 Apr 2019 05:07:09 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/51920#M2031 PhoneBoy 2019-04-26T05:07:09Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52283#M2048 <P>Actually, you CAN export security logs via syslog, but it will be plain UDP syslog, without any security or guarantee of delivery.</P><P>&nbsp;</P><P>Also, the format is not very friendly and you'd need to customize your own filter.</P> Tue, 30 Apr 2019 20:09:25 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52283#M2048 Pedro_Espindola 2019-04-30T20:09:25Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52346#M2052 Pretty sure that's only for OS logs and not Security logs. Wed, 01 May 2019 20:54:31 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52346#M2052 PhoneBoy 2019-05-01T20:54:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52356#M2053 <P>Not sure what version we started supporting it, but yes includes the option to send security logs. Enable Show obfuscated if needed. As Pedro says not sent securely and will need to parse them to do any reporting on them.</P> <P>The central log server may be the better option for both of these reasons.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="syslog-options.jpg" style="width: 509px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1049iAD7114E444EBDF41/image-size/large?v=v2&amp;px=999" role="button" title="syslog-options.jpg" alt="syslog-options.jpg" /></span></P> <P>&nbsp;</P> Wed, 01 May 2019 23:02:33 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52356#M2053 DeletedUser 2019-05-01T23:02:33Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52360#M2055 <P>Yep, it's been around for a while.</P> <P>I am logging to NAS-based syslog in my lab from standalone 1430:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/1050i27FB5E0641855BF6/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P> Wed, 01 May 2019 23:56:57 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52360#M2055 Vladimir 2019-05-01T23:56:57Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52444#M2068 Well then, I'm happy to be wrong in this case.<BR />And it must be a relatively recent feature. Thu, 02 May 2019 17:53:19 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52444#M2068 PhoneBoy 2019-05-02T17:53:19Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52447#M2069 <P>I think it is available since R77.20.80.</P> Thu, 02 May 2019 17:57:44 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Logs-forwarding/m-p/52447#M2069 Pedro_Espindola 2019-05-02T17:57:44Z