This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kim_Moberg
Advisor
‎2023-08-31 06:11 AM

CP CME script add more than one log server

Hi

How to add more than one log server CP cme autoprovision script?

In MDS we have multiple scale sets running cloudguards but we have to manually add/adjust primary log servers and backup log server on the gateway gui object in Smartconsole.

 

autoprov_cfg have the option "-sl" to specify the log server host

 

Can we add more than one host to the autoprov_cfg option "-sl" like

 

autoprov_cfg add template -tn tnPRODENV -sl hosts1 host2 host3

and how to automate backup log server feature. Does that exist?

 

Thanks

 

Best Regards
Kim
0 Kudos
6 Replies
Kim_Moberg
Advisor
‎2023-08-31 06:22 AM

Example 1 not working

[Expert@labman01:0]# autoprov_cfg set template -tn tnPRODENV -sl host1 host2
usage: autoprov_cfg [-h] [-f] [-v] {show,init,add,set,delete} ...
autoprov_cfg: error: unrecognized arguments: host2

 

Example 2 - not working

[Expert@labman01:0]# autoprov_cfg set template -tn tnPRODENV -sl host1  -sl host2
would you like to restart the service now? (y/n) y
Stopping cme: . [ OK ]
Starting cme: [ OK ]


[Expert@labman01:0]# autoprov_cfg show templates
tnPRODENV:
anti-bot: true
anti-virus: true
application-control: true
aws-automatic-policy: true
generation: "1"
identity-awareness: true
ips: true
one-time-password: "__protected__autoprovision/74656D706C61746573/746E534541545354/one-time-password"
policy: Test-Policy
send-logs-to-server: host2
version: "R81.10"
[Expert@labman01:0]#


Best Regards
Kim
0 Kudos
Amir_Senn
Employee
Employee
‎2023-08-31 07:18 AM
In response to Kim_Moberg

Hi,

Try -sl host1,host2 .

Example 1 didn't work because it expects to get the objects as a list. 

Example 2 didn't work because you defined host1 and then defined host2. It has overwritten host1.

 

This is a new feature and behavior for adding backup log server will be much better soon.

I believe that as of now you can only add backup by adding it to the command and use it as one command. I think that in a few weeks, improvement will allow you to add it with a separate command.

 

For now, use like this: autoprov_cfg.... -sl host1, host2 -sbl backuphost1, backuphost2

In the future -sbl will run verifications behind the scenes and if a primary log server is defined in autoprov_cfg you will be able to add it via a separate command.

Kind regards, Amir Senn
0 Kudos
Kim_Moberg
Advisor
‎2023-08-31 08:45 AM
In response to Amir_Senn

@Amir_Senn 

Thank you so much for quick reply.

 

[Expert@dklabcpman01:0]# autoprov_cfg set template -tn "tnPRODENV" -sl host1,host2
would you like to restart the service now? (y/n) y


Result after running autoprov_cfg show templates

templates:
tnPRODENV:
anti-bot: true
anti-virus: true
application-control: true
aws-automatic-policy: true
generation: "1"
identity-awareness: true
ips: true
one-time-password: "__protected__autoprovision/74656D706C61746573/746E534541545354/one-time-password"
policy: Test-Policy
send-logs-to-server: "host1,host2"
url-filtering: true
version: "R81.10"
[Expert@labman01:0]#

 

 

that would work for me when using the primary log server objects.

 

Is it correct understood the autoprov_cfg option "-sbl" doesn't work because it is not yet implemented in the CME latest update take 243?

 

Thanks

 

 

Best Regards
Kim
0 Kudos
Roman_Kats
Employee
Employee
‎2023-08-31 10:30 PM
In response to Kim_Moberg

Hello @Kim_Moberg ,

As for today CME support only single primary log server and alert server.

If CME Log Server configuration applied as part of provisioning cycle CME has to perform "Install  database"  action on Log Server machine. In current CME version install database can be done by using custom management script.

You can find description on how to apply custom management script in the CME admin guide

Custom Script.png

We understand the complexity of the current solution and in a few weeks releasing CME with multiple Primary, Backup, Alert log servers support and without any need in running custom management script.

I would like to propose you to get the new CME with the extended log servers configurations as one of the firsts. If you are interested please contact me in private message.
Thanks,
Roman  

 

 

 

(1)
Kim_Moberg
Advisor
‎2023-09-01 12:40 AM
In response to Roman_Kats

@Roman_Kats 

Thank you for updating me on this.. I have discussed it internally because we have a responsibility of stability in our environment we have decided to wait for the take to become GA before upgrading our existing installation in a custom installation to be able to add multiple Primary, Backup, Alert log servers support and without any need in running custom management script.

I will keep an eye out for sk157492 - CME (Cloud Management Extension) for CloudGuard - Latest Updates

Will you be adding text to the release notes about now the feature your have described like you have added the new feature of adding multiple Primary, Backup, Alert log servers support? 

Thanks

 

 

 

Best Regards
Kim
0 Kudos
Roman_Kats
Employee
Employee
‎2023-09-04 12:15 AM
In response to Kim_Moberg

@Kim_Moberg 
Yes, sure there will bea note in the sk157492

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events