This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jt-jt
Participant
‎2022-02-03 08:16 AM

2x log exporter setup on one management server?

Hi,

After a bit of advice here please. I am looking to setup a syslog collector server to send logs from the Checkpoint Management box to a Cloud hosted SIEM.

I am also working on another project where they want to see some of the log (smaller set of above logs, e.g. only time, src IP, dst IP, port, action).

Is it possible to have log exporter setup to export two sets of output to the syslog collector server? (one full set and one with just the selected fields?)

Advice will be much appreciated, many thanks in advance.

Regards,
JT

0 Kudos
2 Replies
AaronCP
Collaborator
‎2022-02-03 11:58 AM

Hi @jt-jt 

 

What version are you running?

 

I am running R80.40 T139 and I currently have log exporter configured to export two sets of logs to our syslog server. The first log exporter instance is set to export filtered logs from our perimeter gateways, with the other log exporter instance exporting audit logs from the management server.

 

If you check out sk122323, there is a 'Filter Configuration' section. There are instructions there that detail how to modify the FilterConfiguration.xml file to control what information is exported (it specifies source & destination in the example).

 

Good luck!

0 Kudos
jt-jt
Participant
‎2022-02-08 12:45 AM
In response to AaronCP

Many thanks @AaronCP we are running R80.40, so should be able to take advantage of the filtering. I will have a look into it.

Thanks again.

0 Kudos