Participant

Logs server and stand alone gateway

Hello. Is it possible to manage logs generated and sent by standalone 1470 gateway from Smart Event R.80 mgmt server? That means, only logs and events, but not policies?

Thanks in advance.

6 Replies
Advisor

Should work following steps of the 'Configuring External Log Servers' chapter of the Check Point 1470/1490 Appliance Centrally Managed Administration Guide (here for the last available version: R77.20.75).

0 Kudos
Participant

Hello Xavier. Thanks for replying so soon. I've tried to do that, but I can't see traffic on the MGMT console. This is the context:

| StandAloneGW1470| --------------logs------------------->      |R.80 MGMT with integrated Smart Event|

(Local policies, not managed)                                    (Use this only to see logs and run some Analysis with Smart Event)

There are two options on the SAGW1470 when configuring External Log Servers:

CheckPoint Log Server.

Syslog Servers. 

I already have set a regular syslog server up and it receives logs from the stand alone box. 

Now, I've tried both options to set the Checkpoint MGMT Console IP Address.

With the first one, SIC and password are required. But it's not configured because the GW is not managed by the MGMT CHKP server.

With the second option, I set the IP address of the MGMT CHKP server, 514, but no logs appear on Smart View Tracker or Smart Event tab...

0 Kudos
Collaborator

Have you checked this option?

0 Kudos
Admin

Theoretically, you could do something like this: How to enable SmartEvent to read logs from external Security Management Server / externally managed ... 

However, I have not tried this with a 1470 and don't know if it would work or not.

0 Kudos
Collaborator

I have tried to run this SK on an Endpoint Management Server R80.20 to export logs to R80.20 SMS. 

It should work; however, for me, I got denied at the step where you add the external log source as a "Correlation Unit", because in the newer releases there is one correlation unit per SmartEvent. The error is “The number of licensed correlation units has been exceeded.”

If you have a license for SmartEvent 25 then you would indeed have 4 correlation units so you are allowed to add 3 external sources.

0 Kudos
Champion

You need SIC for communication with the SMS. Please consult the Check Point 1100/1200R/1400 Appliances Locally Managed Administration Guide R77.20.80, chapter External Check Point Log Server, p. 195f!