Employee+

Audit Logs & Log Exporter in AWS FWs

There have been some more clarifications on the subject since last time. I've got an on-premise management handling the AWS/Assure FWs. I know logs are pushed to the management by default.

Questions:

How do we manage the /var/log/audit/audit.log?

I was thinking of utilizing Log Exporter to copy the data to an on-premise log server as a solution. Don't know if this is the only option. We are trying to minimize any future issues related to internal audits.

Thanks,


E

4 Replies
Admin

Re: Audit Logs & Log Exporter in AWS FWs

I assume since you're a Check Point employee, you're asking this for a customer. :)

Log Exporter only exports Security Management logs.

It does not export Gaia OS logs, many of which are exported with syslog in Gaia.

audit.log in particular is not included in this by default.

The standard "Linux" ways to do this suggest using a plugin to audispd to send the information to syslog.

This plugin doesn't exist on Gaia and I presume adding it would be an RFE. 

You might be able to use the logger utility to pipe this information to syslog, but I haven't tried this.

0 Kudos
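One way to try the `logger` approach suggested in the reply above, as an added example that is not part of the original thread and has not been validated on Gaia. The state-file path, syslog tag and facility are assumptions; the function forwards only lines appended since the previous run and restarts from the top of the file when it is rotated or truncated.

```shell
#!/bin/sh
# Added example: forward only new audit.log lines to syslog via logger.
# Assumptions: state-file path, syslog tag and facility are placeholders.
AUDIT_LOG="${AUDIT_LOG:-/var/log/audit/audit.log}"
STATE_FILE="${STATE_FILE:-/var/tmp/audit_fwd.state}"  # hypothetical path
SINK="${SINK:-logger -t audit -p local6.info}"         # assumed tag/facility

# forward_audit_log LOG STATE SINK_CMD [ARGS...]
# Pipes the bytes appended to LOG since the previous run into SINK_CMD.
forward_audit_log() {
    _log=$1; _state=$2; shift 2
    [ -r "$_log" ] || return 1

    _inode=$(ls -i "$_log" | awk '{print $1}')
    _size=$(wc -c < "$_log" | tr -d ' ')
    _last_inode=""; _offset=0
    if [ -r "$_state" ]; then
        read -r _last_inode _offset < "$_state" || true
        _offset=${_offset:-0}
    fi

    # Rotated (new inode) or truncated (file shrank): restart at byte 0.
    if [ "$_inode" != "$_last_inode" ] || [ "$_size" -lt "$_offset" ]; then
        _offset=0
    fi

    if [ "$_size" -gt "$_offset" ]; then
        # Send exactly the bytes between the saved offset and the size
        # snapshot, so the recorded offset matches what was forwarded.
        tail -c +"$((_offset + 1))" "$_log" \
            | head -c "$((_size - _offset))" \
            | "$@" || return 1
    fi
    # Save state only after the sink succeeded: a failed run is retried
    # (possible duplicates) rather than silently skipped (gaps).
    echo "$_inode $_size" > "$_state"
}

# Run from cron or a loop as: audit_fwd.sh --run
if [ "${1:-}" = "--run" ]; then
    # $SINK is intentionally unquoted so it splits into command + args.
    forward_audit_log "$AUDIT_LOG" "$STATE_FILE" $SINK
fi
```

Records written to the old file between the last run and a rotation are not picked up by this sketch, so the run interval should be short relative to the rotation schedule.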
Employee+

Re: Audit Logs & Log Exporter in AWS FWs

Hi Phoneboy, Yes, I'm an SE in Houston. Interesting, good info on the Log Exporter. Hmm...I might run it by Rodrigue to find out if he has run into this possible issue. Again, no one is asking about it yet but I do have a possible client that will be inquiring about it.  

Looking forward to seeing you this week in Houston! Maybe we can bounce some ideas or I'll have an answer by then to share.

Ed

0 Kudos
Admin

Re: Audit Logs & Log Exporter in AWS FWs

Ah yes, I will be there on Tuesday :)

0 Kudos
Employee+

Re: Audit Logs & Log Exporter in AWS FWs

Excellent! I'm trying to get other customer to attend. They are curious to see the R77.30 to R80.10(20) migration guideline.  We have pro services helping them.

Thanks,

Ed