cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Logs server and stand alone gateway

Hello. Is it possible to manage logs generated and sent by standalone 1470 gateway from Smart Event R.80 mgmt server? That menans, only logs and events, but not policies?

Thanks in advance.

6 Replies
XBensemhoun
Silver

Re: Logs server and stand alone gateway

Should work following steps of the 'Configuring External Log Servers' chapter of the Check Point 1470/1490 Appliance Centrally Managed Administration Guide (here for the last available version: R77.20.75).

0 Kudos

Re: Logs server  and stand alone gateway

Hello Xavier. Thanks for replying so soon. I've tried to do that, but I can't see traffic on the MGMT console. This is the context:

| StandAloneGW1470| --------------logs------------------->      |R.80 MGMT with integrated Smart Event|

(Local policies, not managed)                                    (Use this only to see logs and run some Analysis with Smart Event)

There are two options on the  SAGW1470 when configuring External Log Servers:

CheckPoint Log Server.

Syslog Servers. 

I already have set a regular syslog server up and it receives logs from the stand alone box. 

Now, I've tried both options to set the Checkpoint MGMT Console IP Address.

With the first one, sic and password are required. But it's not configured because the GW is not managed by the MGMT CHKP server.

With the second option, I set the IP address IP of the MGMT CHKP server, 514, but no logs appear on Smart View Tracker o Smart Event tab...

0 Kudos
Highlighted

Re: Logs server and stand alone gateway

Have you checked this option?

0 Kudos
Admin
Admin

Re: Logs server and stand alone gateway

Theoretically, you could do something like this: How to enable SmartEvent to read logs from external Security Management Server / externally managed ... 

However, I have not tried this with a 1470 and don't know if it would work or not.

0 Kudos

Re: Logs server and stand alone gateway

I have tried to run this SK on an Endpoint Management Server R80.20 to export logs to R80.20 SMS. 

It should work however for me i got denied at the step where you add the external log source as a "Correlation Unit" because in the newer releases there is one correlation unit per SmartEvent. Error is The number of licensed correlation units has been exceeded.”

If you have a license for SmartEvent 25 then you would indeed have 4 correlation units so you are allowed to add 3 external sources.

0 Kudos

Re: Logs server and stand alone gateway

You need SIC for communication with the SMS. Please consult the Check Point 1100/1200R/1400 Appliances Locally Managed Administration Guide R77.20.80, chapter External Check Point Log Server, p. 195f !