Prime
Contributor
Need help to configure log forwarding to syslog server SIEM from checkpoint management server

Need help to configure log forwarding to syslog server SIEM from checkpoint management server.


Accepted Solutions
Mike_A
Advisor

Syslog messages from your gateways/mgmt to a syslog server, or firewall logs to a syslog server? If it's the gateway/mgmt to a syslog server, the string is below.

add syslog log-remote-address <target server> level <level>

If it's traffic logs, then per the SK Val posted you would use a syntax like below, specifying syslog as the format.

cp_log_export add name <name> [domain-server <domain-server>] target-server <target-server IP/host name> target-port <target-port> protocol <(udp|tcp)> format <(syslog)|(cef)|(splunk)|(logrhythm)|(generic)> [optional arguments]

For you I would assume the string to look something like this:

cp_log_export add name SYSLOG-EXPORT-TO-SIEM target-server 10.10.10.10 target-port 514 protocol udp format syslog
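The accepted answer gives the cp_log_export syntax and one concrete invocation. The following helper, added here as an example and not part of the thread or of Check Point's tooling, builds that exact command line from validated parameters (the protocol and format sets are taken from the syntax quoted above) and sends a one-off RFC 3164 syslog test line so the SIEM side can confirm the UDP path is open before the real export is enabled. It assumes it runs on an admin workstation with UDP reachability to the listener; the hostname and tag values are constructed placeholders, and the local round-trip uses a loopback listener as a stand-in for the SIEM.

```python
"""Build a cp_log_export command and send a syslog test line (added example).

Not Check Point code. Assumes an admin workstation that can reach the SIEM
listener over UDP; the hostname/tag strings below are constructed placeholders.
"""
import ipaddress
import re
import socket
import time

# Allowed values, copied from the cp_log_export syntax quoted in the thread.
VALID_PROTOCOLS = {"udp", "tcp"}
VALID_FORMATS = {"syslog", "cef", "splunk", "logrhythm", "generic"}


def validate_target(target_server: str) -> str:
    """Accept an IPv4/IPv6 literal or a plain hostname; reject anything else."""
    try:
        ipaddress.ip_address(target_server)
        return target_server
    except ValueError:
        pass
    if re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9.-]{0,253}", target_server):
        return target_server
    raise ValueError(f"bad target-server: {target_server!r}")


def build_cp_log_export(name, target_server, target_port, protocol, fmt,
                        domain_server=None):
    """Return the 'cp_log_export add ...' line, or raise ValueError on bad input."""
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", name):
        raise ValueError(f"bad name: {name!r}")
    port = int(target_port)
    if not 1 <= port <= 65535:
        raise ValueError(f"bad target-port: {target_port!r}")
    if protocol not in VALID_PROTOCOLS:
        raise ValueError(f"protocol must be one of {sorted(VALID_PROTOCOLS)}")
    if fmt not in VALID_FORMATS:
        raise ValueError(f"format must be one of {sorted(VALID_FORMATS)}")
    parts = ["cp_log_export", "add", "name", name]
    if domain_server:  # optional argument, only meaningful on a Multi-Domain server
        parts += ["domain-server", domain_server]
    parts += ["target-server", validate_target(target_server),
              "target-port", str(port), "protocol", protocol, "format", fmt]
    return " ".join(parts)


def syslog_line(message, hostname="cp-mgmt", tag="export-check",
                facility=16, severity=6):
    """Encode an RFC 3164-style line: <PRI>timestamp host tag: message.

    facility 16 = local0, severity 6 = informational, so PRI = 16*8+6 = 134.
    """
    pri = facility * 8 + severity
    stamp = time.strftime("%b %d %H:%M:%S")  # %d is zero-padded; fine for a probe
    return f"<{pri}>{stamp} {hostname} {tag}: {message}".encode()


def send_test_syslog(host, port, message="cp_log_export reachability test"):
    """Fire one UDP datagram at the listener and return the bytes that were sent.

    UDP gives no acknowledgement: success here only means the datagram left
    this host. Confirm arrival on the SIEM side (or with local_roundtrip()).
    """
    payload = syslog_line(message)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (host, int(port)))
    return payload


def local_roundtrip(timeout=2.0):
    """Loopback self-test: bind a stand-in listener, send, and compare payloads."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))  # ephemeral port, no external traffic
        listener.settimeout(timeout)
        sent = send_test_syslog("127.0.0.1", listener.getsockname()[1])
        received, _ = listener.recvfrom(65535)
    return received == sent


if __name__ == "__main__":
    print(build_cp_log_export("SYSLOG-EXPORT-TO-SIEM", "10.10.10.10", 514,
                              "udp", "syslog"))
    print("loopback round trip ok:", local_roundtrip())
```

Run the loopback self-test first; then point send_test_syslog() at the real SIEM address and look for the tag in the SIEM's raw event view, since a UDP send never fails on its own when the listener is down or a firewall drops port 514.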

4 Replies
_Val_
Admin

Start here: sk122323

Prime
Contributor

We want to forward UDP-514 syslog messages to the target server.

Prime
Contributor

IMG_4525.jpg
