This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
D_TK
Collaborator
‎2023-05-24 11:40 AM
Jump to solution

Harmony connect logs -> on prem smartevent

Good Day everyone.

I have an on-prem log/sme server which is receiving logs from 14 different gateways.  We also use the harmony connect product and on a typical day we have between 150-200 users on it.  

On the on-prem SME server, i have a daily threat report that goes out to staff, but on the harmony portal that email report will only be sent weekly - no option to change to daily. I see that there's a way to send the logs from harmony to on-prem via a generic syslog method.    

If received via syslog, does anyone know if the on-prem SME will actually process these logs and report/alert on them, or will they just be viewable as generic messages in the log viewer?

TIA.

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-05-24 03:24 PM
Jump to solution

Unfortunately, we do not support exporting logs from any of our Infinity Portal-hosted solutions to on-prem logging/SmartEvent.

View solution in original post

0 Kudos
7 Replies
the_rock
Legend
Legend
‎2023-05-24 01:16 PM
Jump to solution

I believe we have a customer where all those logs get sent to SIEM, but I was not involved in it, rather couple of my other colleagues. I can check if there was anyone we did this for as far as smartevent and update you.

0 Kudos
D_TK
Collaborator
‎2023-05-24 01:24 PM
In response to the_rock
Jump to solution

We do send the on-prem logs to a SIEM with the exporter just in case we ever need that correlation with other entities in our environment.  But..for day to day, real time info we live in smartlogs so i really want to get those harmony traffic logs into that so we can have one pane of glass for the CP infrastructure.

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-24 03:24 PM
Jump to solution

Unfortunately, we do not support exporting logs from any of our Infinity Portal-hosted solutions to on-prem logging/SmartEvent.

0 Kudos
D_TK
Collaborator
‎2023-05-24 03:32 PM
In response to PhoneBoy
Jump to solution

Bummer.  Any idea if it's planned?  Short of getting the logs into SME, getting this report daily would be great.  How do i go about requesting that?

 

 

Screenshot 2023-05-24 153057.png

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-24 03:38 PM
In response to D_TK
Jump to solution

I'll check internally on getting the report more frequently.
You may also want to follow up with your local Check Point office for this request as well.

D_TK
Collaborator
‎2023-05-24 05:19 PM
In response to PhoneBoy
Jump to solution

Thanks, i will hit up my local account team as well.  Just wondering....can we flip this around.  We've been thinking about evaluating the cloud smart-1 for awhile.  I assume there's a cloud SME as well?  If so, would the harmony connect logs be able to feed directly into that cloud smart-1 instance providing one log view for all on-prem gateways + harmony traffic?  

 

Thanks again.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-05-24 05:27 PM
In response to D_TK
Jump to solution

SmartEvent in the cloud: Horizon Events.
And yes, this is the use case for it.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events