This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
shamimalam
Participant
‎2020-04-06 10:24 AM

how to configure external syslog on checkpoint firewall R77.20 and Splat 75.40.

Hi Team,

Please guide, how to configure external syslog on checkpoint firewall R77.20 and Splat 75.40 to send logs on port 514 to external Syslog Server ?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2020-04-06 01:03 PM

How are these gateways managed precisely?
Are you using an external security management server and if so what version.
For R77.20 in particular, it's important to know what hardware as there are different OS variants which have different steps.

Note that generally, from these versions, there either is no mechanism available to export logs via syslog or the mechanism to do so is lacking.
As those versions are not supported any longer (except on some SMB appliances where R77.20.87 is the latest release available), your best bet is to upgrade to a supported release.
For self-managed SMB appliances in particular, the ability to directly export via syslog is only supported in the 1500 Series running R80.x code and isn't available in models still running R77.20 code.

In regular R80.x gateways, Log Exporter can be used to send logs via syslog.
0 Kudos
shamimalam
Participant
‎2020-04-06 08:37 PM
In response to PhoneBoy

All our 77.20 gateway is integrated with Provider-1.

There is any way to configure Syslog in Provider-1 so all the tracker logs will be forwarded to external server.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-06 09:28 PM
In response to shamimalam

What version is on your MDM?
For R77.x, there is CPLogToSyslog, but unless you are running a stock GA environment with no hotfixes, it's unlikely these fixes will work.
Unless TAC has something for your precise environment handy, you will need to upgrade as these releases are End of Support.
CPLogToSyslog is here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

For R80.x management, use Log Exporter, which is a more robust and reliable solution than CPLogToSyslog.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
Labels