This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
ACEGYRA
Participant
‎2021-04-29 03:17 AM

Need help to configure log forwarding to syslog server SIEM from checkpoint management server

Jump to solution

Need help to configure log forwarding to syslog server SIEM from checkpoint management server.

0 Kudos
1 Solution

Accepted Solutions
Mike_A
Advisor
‎2021-04-29 06:38 AM
In response to ACEGYRA

Jump to solution

syslog messages from your gateways/mgmt to a syslog server, or firewall logs to a syslog server? If its the gateway/mgmt to a syslog sever the string is below. 

 

add syslog log-remote-address <target server> level <level>

 

If its traffic logs, then per the SK Val posted you would use a syntax like below specifying syslog as the format. 

cp_log_export add name <name> [domain-server <domain-server>] target-server <target-server IP/host name> target-port <target-port> protocol <(udp|tcp)> format <(syslog)|(cef)|(splunk)|(logrhythm)|(generic)> [optional arguments]

 

For you I would assume the string to look something like this

cp_log_export add name SYSLOG-EXPORT-TO-SIEM target-server 10.10.10.10 target-port 514 protocol udp format syslog

 

View solution in original post

(1)
4 Replies
_Val_
Admin
Admin
‎2021-04-29 03:36 AM

Jump to solution

Start here: sk122323

ACEGYRA
Participant
‎2021-04-29 04:59 AM
In response to _Val_

Jump to solution

We want to forwards udp-514 syslog message to target server

0 Kudos
Mike_A
Advisor
‎2021-04-29 06:38 AM
In response to ACEGYRA

Jump to solution

syslog messages from your gateways/mgmt to a syslog server, or firewall logs to a syslog server? If its the gateway/mgmt to a syslog sever the string is below. 

 

add syslog log-remote-address <target server> level <level>

 

If its traffic logs, then per the SK Val posted you would use a syntax like below specifying syslog as the format. 

cp_log_export add name <name> [domain-server <domain-server>] target-server <target-server IP/host name> target-port <target-port> protocol <(udp|tcp)> format <(syslog)|(cef)|(splunk)|(logrhythm)|(generic)> [optional arguments]

 

For you I would assume the string to look something like this

cp_log_export add name SYSLOG-EXPORT-TO-SIEM target-server 10.10.10.10 target-port 514 protocol udp format syslog

 

(1)
ACEGYRA
Participant
‎2021-05-03 02:04 AM
In response to Mike_A

Jump to solution

IMG_4525.jpg

0 Kudos
Labels