itguerreiro
Explorer

Export Logs Harmony Endpoint

Dear all, I have a doubt about the log send configuration.

The documentation informs that it is possible to use ports 514 and 6514 for the TCP and UDP protocols, but when I choose port 514/UDP in the manager, only port 6514 is available via UDP.

Is it possible or not to use port 514/UDP?

https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/110134/FILE/CP_Harmony_Endpoint_AdminGu...

This information is on page 274.

 

Thanks,

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee

Create a Syslog destination:

Global Settings > Event Forwarding > Manage Destination

Destination.png

Create a forwarding rule:

Global Settings > Event Forwarding > + Add

(Specific services is an option here i.e. "Harmony Endpoint")

forwarding.png

CCSM R77/R80/ELITE


7 Replies
PhoneBoy
Admin

What version/JHF is this or are you managing from Infinity Portal?

0 Kudos
itguerreiro
Explorer

Hello,

I'm trying to perform the configuration from the Infinity Portal.

0 Kudos
_Val_
Admin

514 UDP is for syslog. Are you trying to use syslog to export logs? It makes much more sense to use the proprietary TLS protected protocols. 

Also, why would you export the logs TO your management server? Please elaborate on what you are trying to achieve.

0 Kudos
itguerreiro
Explorer

Hello,

My goal is to export the logs to my syslog server and store them on-premises for backup purposes.

0 Kudos
_Val_
Admin

Ok, then you are looking into the wrong guide. You need to look into Infinity Portal guide, under Global / Event Forwarding. I see that @Chris_Atkinson already provided you with the info.

0 Kudos
Chris_Atkinson
Employee

On-prem management/log servers have an "accept syslog" option (sk102995 - Part 2) but it is not intended for this purpose, at least not over the internet without encryption or for endpoint.

Recommend discussing the consolidation options further with your local SE and if this is still necessary they can raise any corresponding RFEs that may be required.

CCSM R77/R80/ELITE
