Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Herve_SCHLECHT
Participant

Send logs to SmartCenter and Syslog at the same time

Hello,

We have a CheckPoint architecture under R80.30 with Enforcement module and SmartCenter, since we installing a new SIEM, we need to send the logs to the SIEM through syslog. From the Enforcement Module can we send at the same time the logs to the SmartCenter and the syslog server ? Or we need to continue to pass through the SmarCenter that send on his side the logs to the syslog server.

BRgds

 

0 Kudos
4 Replies
Wolfgang
Authority
Authority

@Herve_SCHLECHT 

Yes, it's possible to send firewall logs directly to syslog. Follow instructions from

How to configure Security Gateway on Gaia OS to send FireWall logs to an external Syslog server 

Wolfgang

0 Kudos
_Val_
Admin
Admin

Considering the topic-starter is on R80.30, I would rather refer to https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Use Log Exported by the link

 

0 Kudos
Wolfgang
Authority
Authority

Yes, log_exporter is the smarter solution. But if you want to have the logs send directly from the gateway not the CheckPoint logserver you can't use log_exporter. I think log_exporter can't be running on gateways.

Wolfgang 

0 Kudos
_Val_
Admin
Admin

Log exported is the only supported solution With R80.30 and above. You probably win a second or two when forwarding directly from a gateway, but the recommended solution is to run exported on the management.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events