phlrnnr

Re: Log Exporter guide


Feature request - it seems that the 'target-server' must be an IP address.  It would be great if this can be updated to either a domain name or an IP address.  That would allow for flexibility when a customer is controlling which syslog server you are hitting via DNS.  Thanks for considering.

Employee+

Re: Log Exporter guide

Hi,
Thank you for your feedback. This is already on our to-do list.
Stay tuned for updates 🙂
Raymondn

Re: Log Exporter guide


Hi there,

Regarding the "System Monitor" type of logs, what can I expect to see?

Some more background on my question.

We are on R80.30.  We have been using the old (classic/legacy) way to export CP logs to Splunk via the OPSEC LEA connection.

It has been working fine. For "system" type messages, I can see a log when a firewall policy is being pushed, including the admin username. I am also able to see some messages regarding high CPU usage or cluster status alerts, similar to the "control" or "alert" type messages I see in the native SmartConsole Log view.


Last week we switched to using Log Exporter to Splunk (we also have the Check Point for Splunk apps installed).

What I am trying to figure out is how to get those "policy installation" and "system status" logs back in Splunk.

I managed to find the "policy installation" log via Splunk (index="network_firewalls" source=tcp:11002 sys_message="installed*"), but the log didn't include the admin username.

But for the other system status/alert type logs, I am not able to find them in Splunk.


My first question is whether what I am trying to do is available with the Log Exporter method.

If so, in which direction or for which field values should I search in Splunk?

I see there is a field "product=System Monitor", but it doesn't seem to contain many useful system log messages.


Thanks in advance.

Employee+

Re: Log Exporter guide


All such logs should be exported to Splunk, assuming you don't have any filter, if you see them in the SmartConsole's Logs view for this Log Server/Management.


product=System Monitor should work (it is translated to a matching Splunk filter).


Can you share an example picture (or copy the fields) of a System Monitor log that you'd like to see but that is missing or cannot be found in your Splunk when using Log Exporter?
