jt-jt
Participant

2x log exporter setup on one management server?

Hi,

After a bit of advice here please. I am looking to set up a syslog collector server to send logs from the Check Point Management box to a cloud-hosted SIEM.

I am also working on another project where they want to see some of the logs (a smaller set of the above logs, e.g. only time, src IP, dst IP, port, action).

Is it possible to have log exporter set up to export two sets of output to the syslog collector server? (one full set and one with just the selected fields?)

Advice will be much appreciated, many thanks in advance.

Regards,
JT

0 Kudos
2 Replies
AaronCP
Collaborator

Hi @jt-jt

What version are you running?

I am running R80.40 T139 and I currently have log exporter configured to export two sets of logs to our syslog server. The first log exporter instance is set to export filtered logs from our perimeter gateways, with the other log exporter instance exporting audit logs from the management server.

If you check out sk122323, there is a 'Filter Configuration' section. There are instructions there that detail how to modify the FilterConfiguration.xml file to control what information is exported (it specifies source & destination in the example).

Good luck!

0 Kudos
jt-jt
Participant

Many thanks @AaronCP, we are running R80.40, so we should be able to take advantage of the filtering. I will have a look into it.

Thanks again.

0 Kudos