This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gm446
Contributor
‎2023-08-09 06:41 AM

How to collect logs drom endpoint on the Endpoint server?

Hi all,

We are implementing Splunk SIEM in our organization, the log exporter works fine on the SMS and send all of our gateways logs, but i am trying to understand how to send client logs on the endpoint server. i enabled Log Upload feature for the Client Settings on SmartEndpoint.

I enable on the SmartConsole the "Logging & Status" and "Identity Logging" blades for the endpoint server, and enable the Log Indexing on the Logs tab but only few endpoint are sending logs to the server (about 5% of the endpoints). i also configure the log export in the exact same way i configure for the SMS but the endpoint server not exporting logs. i am trying to understand if i miss something here and how to troubleshoot this issue.

Thank you in advance,
Yossi.

 

0 Kudos
7 Replies
gm446
Contributor
‎2023-08-10 04:29 AM

i now succeed to send logs to splunk when i configure the log export via CLI,
but still Endpoint Server is not collecting any endpoint logs from users.

any ideas?

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-08-10 07:20 AM
In response to gm446

Which client version is used and what upload settings are configured under client settings?

CCSM R77/R80/ELITE
0 Kudos
gm446
Contributor
‎2023-08-10 10:17 PM
In response to Chris_Atkinson

Most of the clients are E87.30, some are 86.20, Server is R81.10.

those are the settings:

Screenshot 2023-08-09 163606.jpg

0 Kudos
gm446
Contributor
‎2023-08-13 03:48 AM
In response to gm446

The strange thing is that some endpoints report logs perfectly, but only a few. This brings up the new that it is a setting in the agent, because the Client Settings are the same for the entire organization.

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-08-13 06:01 AM
In response to gm446

Are all the clients internal or some external and is the endpoint server reachable for them via NAT?

CCSM R77/R80/ELITE
0 Kudos
gm446
Contributor
‎2023-08-13 06:45 AM
In response to Chris_Atkinson

all the clients internal, there is no nat for the endpoint server.

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-08-13 03:14 PM
In response to gm446

Suggest investigating further with TAC to get to the bottom of this. https://help.checkpoint.com

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events