This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kb1
Collaborator
‎2021-07-19 03:06 PM

Sending logs to logrhythm

I have a question regarding sending logs from each firewall (we have multiple firewalls, most running on R80.20, some on R80.40 and a few on do R77) to logrhythm.

Do we have to configure logging on each firewall so that each firewall sends the logs to the logrhythm server or do we have to configure only the management server so that the mgmt server itself can send all the logs that it receives from all the firewalls to logrhythm? We already have the management server configured to send all logs to the logrhythm server and getting reports saying that for a lot of firewalls the logs are not being sent to logrhythm.

Thank you.

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2021-07-19 03:29 PM

The way to do this is via Log Exporter from the Management/Log Server.
Possible there's a filter configured which is causing some logs not to be sent.

0 Kudos
kb1
Collaborator
‎2021-07-19 03:34 PM
In response to PhoneBoy

Thanks for replying and yes log exporter has been configured already on the mgmt server, when you say a filter is configured that prevents some logs from not being sent what do you you exactly mean? As far as I am aware there shouldn't be anything blocking logs from being sent over to logrhythm but I could be wrong, where do I get started on trying to troubleshoot this filter that you are talking about?

Thank you

0 Kudos
PhoneBoy
Admin
Admin
‎2021-07-19 03:41 PM
In response to kb1

It's part of the Log Exporter configuration.
Refer to the filtering section here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
Gomboragchaa
Advisor
‎2021-07-19 05:48 PM

Where did you see the logs are not sent to logrhythm?

Did you try tail on LR side? If there isn't log on LR tail, check the log-exporter config again. It could be log exporter service stopped or something wrong on config...

0 Kudos
kb1
Collaborator
‎2021-07-29 03:30 PM
In response to Gomboragchaa

Sorry about the late reply but we have the logexporter configured on the management server to send logs to the logrhythm server, the doubt that the logrhythm team has is how can they check if the logs that they are seeing are from every firewall that are sending logs to the mgmt server? When you say tail how do we check the tail on logrhythm side? Will checking the tail show that logs are being sent from every firewall? Do we have to look for the name of the Firewalls in the tail?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-07-29 03:33 PM
In response to kb1

You have to verify on the LogRhythm side that logs are being received from every gateway by checking to see if you see logs from those gateways.
Not aware of the specifics on how to do that.

0 Kudos
kb1
Collaborator
‎2021-07-29 03:36 PM
In response to PhoneBoy

Ok I will let them know to check and see what they are seeing on the tail logs, thank you.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events