This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
impasan
Participant
‎2023-08-07 07:31 AM
Jump to solution

How does management server select the log source to fetch the logs?

Hi Folks,

I need some information to know regarding log servers. Assume that we have 2 log servers and firewalls are configured to send the logs to both of the log servers at the same time. In this case, when we search for logs, how does the Management server pick a log server to fetch the logs? As both of the log servers are having the same logs, I have a confusion how does this selection happen. Appreciate your thoughts on this.

Thank you!

Management #logservers Smart-1 Appliances 

Management
Management
Harmony
Smart-1 Appliances
Smart-1 Appliances
Quantum
0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-08-07 11:15 PM
In response to impasan
Jump to solution

As i wrote before, this is done by the SMS. How it is done also depends upon if you use Dynamic Log Distribution: In R81 and lower versions, each Primary Log Server received a copy of every log. Starting in R81.10, with Dynamic Log Distribution, you can configure the Security Gateway / Cluster to distribute its logs between the active Log Servers.

See the link for details !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
3 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-08-07 10:07 AM
Jump to solution

You can define primary and backup Log Servers. SMS SmartLog will take care of selecting the available source and display logs without duplicates. See details in https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_LoggingAndMonitoring_AdminGu...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
impasan
Participant
‎2023-08-07 08:26 PM
In response to G_W_Albrecht
Jump to solution

Hi Albrecht,

I understand the functionality when there is a primary-backup log server configuration is there. However, if there are 2 log servers configured as the primary section, would like to know what is the procedure of selecting log servers to fetch logs without duplicating. 

Thank you.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-08-07 11:15 PM
In response to impasan
Jump to solution

As i wrote before, this is done by the SMS. How it is done also depends upon if you use Dynamic Log Distribution: In R81 and lower versions, each Primary Log Server received a copy of every log. Starting in R81.10, with Dynamic Log Distribution, you can configure the Security Gateway / Cluster to distribute its logs between the active Log Servers.

See the link for details !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events