This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
peter_schumache
Collaborator
‎2019-11-09 03:39 AM

How to filter syslog messages in Smartlog

I configured my gateway to send its syslog messages to the SmartCenter Server according to sk102995.

 

To view the syslog messages in Smrtview Tracker, is says:

"In SmartView Tracker log, the informational field will should show "...system daemons syslog_severity..."

There is no way to define a query (in R80.20) for the "informational" Field. There is a field "Information", but again, no query available.

What did I miss?

0 Kudos
3 Replies
FedericoMeiners
Advisor
‎2019-11-09 04:13 AM

How did you set this up? It seems that you made it the old way

On GWs R80.X you can go to the System Logging (Gateway, not management) section on the web user interface, once there you will find a check box to send syslog messages to the management server. Page 190 from admin guide:

https://dl3.checkpoint.com/paid/8d/8dbd7585030bbad76a1e65c3b458f74c/CP_R80.10_Gaia_AdminGuide.pdf?Ha...

After doing this try some failed and valid log ins to the configured gateway check the logs.

Hope it helps!

___

 

____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos
peter_schumache
Collaborator
‎2019-11-09 05:19 AM
In response to FedericoMeiners

I did it the new way, saying "send syslogs to SmartCenter".

The problem lies in prooving it. How can I display in Smartlog ONLY the messages from syslog?

0 Kudos
D_W
Advisor
‎2019-11-12 07:45 AM
In response to peter_schumache

Try to add "blade:syslog" in the query.

0 Kudos