This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ed_Gonzalez
Employee
Employee
‎2018-09-16 05:06 PM

Audit Logs & Log Exporter in AWS FWs

There has been some more clarifications on the subject since last time. I've got an on premise management handling the AWS/Assure FWs. I know logs are pushed to the management by default.

Questions:

How do we manage the /var/log/audit/audit.log?

I was thinking utilizing log exporter to copy the data to an on premise log server as a solution. Don't know if this is the only option. We are trying to minimize any future issues related to internal audits.

Thanks,


E

4 Replies
PhoneBoy
Admin
Admin
‎2018-09-16 08:25 PM

I assume since you're a Check Point employee, you're asking this for a customer. Smiley Happy

Log Exporter only exports Security Management logs.

It does not export Gaia OS logs, many of which are exported with syslog in Gaia.

audit.log in particular is not included in this by default.

The standard "Linux" ways to do this suggest using a plugin to audispd to send the information to syslog.

This plugin doesn't exist on Gaia and I presume adding it would be an RFE. 

You might be able to use the logger utility to pipe this information to syslog, but I haven't tried this.

0 Kudos
Ed_Gonzalez
Employee
Employee
‎2018-09-16 09:06 PM
In response to PhoneBoy

Hi Phoneboy, Yes, I'm an SE in Houston. Interesting, good info on the Log Exporter. Hmm...I might run it by Rodrigue to find out if he has run into this possible issue. Again, no one is asking about it yet but I do have a possible client that will be inquiring about it.  

Looking forward seeing you this week in Houston!  Maybe we can bounce some ideas or I'll have an answer by then to share.

Ed

0 Kudos
PhoneBoy
Admin
Admin
‎2018-09-16 09:11 PM
In response to Ed_Gonzalez

Ah yes, I will be there on Tuesday Smiley Happy

0 Kudos
Ed_Gonzalez
Employee
Employee
‎2018-09-16 09:16 PM
In response to PhoneBoy

Excellent! I'm trying to get other customer to attend. They are curious to see the R77.30 to R80.10(20) migration guideline.  We have pro services helping them.

Thanks,

Ed

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Wed 18 Jun 2025 @ 10:00 AM (CEST)

    Hands-on WAF Immersion Workshop - Zaventem
    In-Person

    Tue 24 Jun 2025 @ 09:00 AM (CEST)

    Workshop Sécurité du Cloud & Hybrid Mesh
    In-Person

    Tue 07 Oct 2025 @ 09:30 AM (CEST)

    CheckMates Live Denmark!
    CheckMates Events