impasan
Explorer

How does management server select the log source to fetch the logs?

Hi Folks,

I need some information regarding log servers. Assume that we have 2 log servers and firewalls are configured to send the logs to both of the log servers at the same time. In this case, when we search for logs, how does the Management server pick a log server to fetch the logs? As both of the log servers have the same logs, I am confused about how this selection happens. I'd appreciate your thoughts on this.

Thank you!

Management #logservers Smart-1 Appliances 

3 Replies
G_W_Albrecht
Legend

You can define primary and backup Log Servers. SMS SmartLog will take care of selecting the available source and display logs without duplicates. See details in https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_LoggingAndMonitoring_AdminGu...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
impasan
Explorer

Hi Albrecht,

I understand the functionality when there is a primary-backup log server configuration. However, if there are 2 log servers configured as the primary section, I would like to know what the procedure is for selecting log servers to fetch logs without duplicating.

Thank you.

G_W_Albrecht
Legend
Accepted Solution

As I wrote before, this is done by the SMS. How it is done also depends upon if you use Dynamic Log Distribution: In R81 and lower versions, each Primary Log Server received a copy of every log. Starting in R81.10, with Dynamic Log Distribution, you can configure the Security Gateway / Cluster to distribute its logs between the active Log Servers.

See the link for details!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist