This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
L3on
Participant
Monday
Jump to solution

Send logs to additional Syslog Server directly from Security Gateways managed by Smart-1 Cloud

Hello mates,

A customer needs to send logs to a Syslog Server directly from Security Gateways which are managed by Smart-1 Cloud SMS. 

Where has the "Send logs and alerts to these log servers" table gone inside the Cluster object Logs menu? 

In OnPrem deployments to add syslog servers to forward logs directly from the gateways you can double-click the Security Cluster object, then click "Logs" in the left menu tree and add a third party syslog server in the "Send logs and alerts to these log servers" table. 

I can't seem to find this table anymore in the security cluster object which is managed by Smart-1 Cloud SMS. 
Is there any workaround to this or should I use the Log Exporter in the Infinity Portal? 

Is there another way to forward Gateway logs to a syslog  server in parallel to the S1C which already receives the logs? 

Please, also find a screenshot attached with the Log options inside the Cluster object. 

 

Preview file
27 KB
0 Kudos
2 Solutions

Accepted Solutions
AkosBakos
Leader Leader
Leader
Monday
In response to L3on
Jump to solution

Ok, then the it is simple. You configure a cp_log_export on the SMS, and when the log arrives, it will be sent immediately to the external SYSLOG server.

Here is the guide, or this

Syntax:

cp_log_export add name <Name> [domain-server {mds | all}] target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {udp | tcp} format {syslog | splunk | cef | leef | generic | json | logrhythm | rsa} [<Optional Arguments>]

Akos

 

----------------
\m/_(>_<)_\m/

View solution in original post

PhoneBoy
Admin
Admin
Monday
Jump to solution

If gateways are managed by Smart-1 Cloud, logs can only be exported from Infinity Portal using Log Exporter (note this requires a specific SKU).
You can configure syslog on the gateway as @AkosBakos suggested, which should send firewall logs (not other blades) as they arrive on the gateway to the configured syslog server.

View solution in original post

6 Replies
AkosBakos
Leader Leader
Leader
Monday
Jump to solution

Hi @L3on 

My opinion is that, using cp_log_export is much more easier/safer, but oldschool.

What kind of logs want you to forward? Traffic logs? If yes:

NetFlow Export https://support.checkpoint.com/results/sk/sk102041

You can send logs direcly from the gateway. There are limitations, so start with this chapter.

Q: Cluster object, then click "Logs" in the left menu tree and add a third party syslog server in the "Send logs and alerts to these log servers" table. 

2025-02-17 16_31_36-Cloud Demo Server [ID_341870930]-R81.20-SmartConsole.png

or:

2025-02-17 16_30_21-Gateway Cluster Properties - Corporate-Cluster.png

 

Akos

 

----------------
\m/_(>_<)_\m/
0 Kudos
L3on
Participant
Monday
In response to AkosBakos
Jump to solution

Thanks for the quick response. 
I need to send firewall logs to the syslog at the same time they are being sent to the SMS. 

0 Kudos
AkosBakos
Leader Leader
Leader
Monday
In response to L3on
Jump to solution

Ok, then the it is simple. You configure a cp_log_export on the SMS, and when the log arrives, it will be sent immediately to the external SYSLOG server.

Here is the guide, or this

Syntax:

cp_log_export add name <Name> [domain-server {mds | all}] target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {udp | tcp} format {syslog | splunk | cef | leef | generic | json | logrhythm | rsa} [<Optional Arguments>]

Akos

 

----------------
\m/_(>_<)_\m/
PhoneBoy
Admin
Admin
Monday
Jump to solution

If gateways are managed by Smart-1 Cloud, logs can only be exported from Infinity Portal using Log Exporter (note this requires a specific SKU).
You can configure syslog on the gateway as @AkosBakos suggested, which should send firewall logs (not other blades) as they arrive on the gateway to the configured syslog server.

L3on
Participant
Monday
In response to PhoneBoy
Jump to solution

Thank you for reply!
But with the syslog configuration on the gateway, would the firewall logs still be forwarded to the Smart-1 Cloud SMS as well? 
Or would they be missing from the logging in the Logs&Monitor view in the Infinity Portal? 

0 Kudos
PhoneBoy
Admin
Admin
Tuesday
In response to L3on
Jump to solution

The logs should still appear in Smart-1 Cloud, yes.
The syslog is "in addition to" in this case.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events