nikufellow
Explorer

Syslog not forwarding action

Hi,

We have configured a syslog server on R81.10. The logs are forwarding but do not have an action in them. The destination is a RHEL server with a syslog agent running.

Can you please let me know what needs to be checked here?

Any pointers appreciated.

CEF:0|Check Point|SmartDefense|Check Point|IPS|SIPVicious Security Scanner|High|cp_severity=High cs2Label=Protection ID cs2=asm_dynamic_prop_SC_SIPVICIOUS cs3Label=Protection Type cs3=IPS cs4Label=Protection Name cs4=SIPVicious Security Scanner deviceDirection=2 flexNumber1Label=Confidence flexNumber1=9 flexNumber2Label=Performance Impact flexNumber2=8 flexString2Label=Attack Information flexString2=SIPVicious Security Scanner msg=Scanner Enforcement Violation rt=1680679718000 loguid={0x9fsdf6ec6,0xdsfdb,0xf8cfcb06,0xbsdf99} origin=132.6.99.180 originsicname=CN\=CHN-New-CP-DW-3,O\=PU-MEZ-CHKPTMGMT-01.napesorg.com.qibhes sequencenum=8842 version=3 description_url=SC_SIPVICIOUS_help.html dst=192.168.2.1 product=SmartDefense smartdefense_profile=Optimized src=81.14.123.112

0 Kudos
2 Replies
Chris_Atkinson
Employee

What log exporter settings are you using?

Namely: format, read-mode, protocol, encryption 

How else have you verified that the action isn't being sent?

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin

The action field is not sent with every log.
See: https://support.checkpoint.com/results/sk/sk144192 

0 Kudos
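
One way to check on the receiving server which records actually carry an action, as an added example that is not part of the original thread: it parses CEF records, including values with spaces and the escaped `\=` seen in the `originsicname` field of the log above, and counts records with and without the action key per product. It assumes the action is exported under the standard CEF key `act`; the syslog prefixes, the host name `gw` and the second sample line are constructed.

```python
import re
from collections import Counter

HEADER_SPLIT = re.compile(r"(?<!\\)\|")                # unescaped '|' separates header fields
EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")   # key= at start or after whitespace
HEADER_NAMES = ("version", "vendor", "product", "device_version",
                "signature_id", "name", "severity")

def parse_cef(line):
    """Return (header, extension) dicts for one syslog line carrying a CEF record."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF record in line")
    parts = HEADER_SPLIT.split(line[start + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("incomplete CEF header")
    header = dict(zip(HEADER_NAMES, parts[:7]))
    text, ext = parts[7], {}
    keys = list(EXT_KEY.finditer(text))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(text)
        # A value runs to the next key; '\=' and '\\' inside it are CEF escapes.
        ext[m.group(1)] = re.sub(r"\\([=\\])", r"\1", text[m.end():end].strip())
    return header, ext

def action_coverage(lines, key="act"):
    """Count, per device product, records with and without the action key."""
    counts = Counter()
    for line in lines:
        try:
            header, ext = parse_cef(line)
        except ValueError:
            counts[("unparsed", "n/a")] += 1
            continue
        counts[(header["product"], "with" if key in ext else "without")] += 1
    return counts

# Constructed sample input: the first record is abridged from the IPS log in the question,
# the second is an invented firewall record that does carry an action.
SAMPLE = [
    r"Apr  5 07:28:38 gw CEF:0|Check Point|SmartDefense|Check Point|IPS|SIPVicious Security Scanner|High|"
    r"cs2Label=Protection ID cs2=asm_dynamic_prop_SC_SIPVICIOUS msg=Scanner Enforcement Violation "
    r"originsicname=CN\=CHN-New-CP-DW-3,O\=PU-MEZ-CHKPTMGMT-01.napesorg.com.qibhes dst=192.168.2.1 src=81.14.123.112",
    r"Apr  5 07:28:39 gw CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|Log|Unknown|"
    r"act=Drop dst=192.168.2.1 src=81.14.123.112 proto=6",
]

if __name__ == "__main__":
    for (product, state), n in sorted(action_coverage(SAMPLE).items()):
        print(f"{product}: {n} record(s) {state} action")
```

Feeding it the lines the syslog agent wrote to disk shows whether the action is missing from every record or only from certain products, which separates an exporter or mapping problem from log types that never carry an action.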