LostBoY
Advisor

Audit Logs over Syslog

Hello,

I have integrated my R80.40 Gateways with a syslog server. I can see the server receiving all the syslogs. However, I am unable to see any audit logs there, such as policy installation. For that, do I need to integrate the Management Server with the syslog server, or can I get those via the Gateways as well? Are there any specific settings to receive those via the Gateways?

Thanks

5 Replies
G_W_Albrecht
Legend

See sk87560 ("How to configure Security Gateway on Gaia OS to send FireWall logs to an external Syslog se..."), which says:

To export Check Point FireWall and Audit logs from a Security Management Server / Multi-Domain Security Management Server / Log Server to external Syslog servers, refer to sk122323 - Logs Exporter - Check Point Logs Export.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
LostBoY
Advisor

Thanks for the reply. Can audit logs only be exported from the Management Server and not from the Gateways?
Pedro_Espindola
Advisor

Yes. Audit logs containing information such as object modification, rule creation and policy install are generated and stored by the management server and can be exported using Log Exporter (cp_log_export), as Albrecht said.

Configuring a syslog server in the Gaia WebUI will only export system logs such as those contained in /var/log/messages, which does not contain any information about the security policy.

ab
Explorer

@G_W_Albrecht and @Pedro_Espindola

We are running the command below on one of our CMAs (in an MDS environment), but we did not receive the audit logs on our syslog server. Could you please advise whether this is the correct command, or whether we need to modify it and add any additional parameter?

Our target is to get both traffic logs and audit logs.

cp_log_export add name test target-server x.x.x.x target-port 514 protocol udp format cef

S_E_
Advisor

Hi,

At least for the syslog format, I can confirm that FW and audit logs both work (R80.40):

cp_log_export add name LOG-DOM1 domain-server DOM1 target-server 1.1.1.254 target-port 514 protocol udp format syslog
cp_log_export add name LOG-MDS domain-server mds target-server 1.1.1.254 target-port 514 protocol udp format syslog

Best Regards

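The following is an added example, not code from the thread or from Check Point. It generalises the pair of commands S_E_ posted (one Log Exporter instance per domain server plus one for the MDS itself, which is where MDS-level audit events are logged) into a small generator for any list of CMAs, and pairs it with a loopback UDP syslog receiver that parses the RFC 3164/5424 <PRI> prefix, so you can confirm the target host is actually receiving datagrams before chasing missing audit entries in a specific exporter. The exporter naming scheme "LOG-<DOMAIN>" and the pseudo-domain "mds" are taken from S_E_'s post; the syslog payloads are constructed placeholders and not real Log Exporter output.

```python
# Added example (not from the thread, not Check Point code).
# Assumptions: exporter names "LOG-<DOMAIN>" and domain-server "mds" follow
# the naming used in S_E_'s commands; SAMPLE_PAYLOADS are constructed
# placeholder syslog lines, not genuine Log Exporter output.
import socket
from typing import Dict, List, Tuple


def build_log_exporter_commands(domain_servers: List[str], target_server: str,
                                target_port: int = 514, protocol: str = "udp",
                                fmt: str = "syslog") -> List[str]:
    """One cp_log_export instance per CMA plus one for the MDS itself.

    The extra "mds" entry matters: global/MDS-level audit events are logged by
    the MDS, not by the individual domain servers, so a domain-only exporter
    never sees them.
    """
    if protocol not in ("udp", "tcp"):
        raise ValueError("protocol must be udp or tcp")
    cmds = []
    for ds in list(domain_servers) + ["mds"]:
        cmds.append(
            f"cp_log_export add name LOG-{ds.upper()} domain-server {ds} "
            f"target-server {target_server} target-port {target_port} "
            f"protocol {protocol} format {fmt}"
        )
    return cmds


def parse_pri(line: str) -> Tuple[int, int, str]:
    """Split the leading <PRI> of a syslog line into (facility, severity, rest).

    PRI = facility * 8 + severity, per RFC 3164 / RFC 5424.
    """
    if not line.startswith("<") or ">" not in line:
        raise ValueError(f"no <PRI> prefix: {line[:20]!r}")
    end = line.index(">")
    pri = int(line[1:end])
    return pri >> 3, pri & 7, line[end + 1:]


def collect_syslog(sock: socket.socket, count: int, timeout: float = 2.0) -> List[Dict]:
    """Read up to `count` datagrams from a bound UDP socket and parse each one.

    Returning per-source records lets you see at a glance which exporter
    (MDS vs. a given CMA) is actually delivering anything.
    """
    sock.settimeout(timeout)
    records: List[Dict] = []
    while len(records) < count:
        try:
            data, (src_ip, _) = sock.recvfrom(65535)
        except socket.timeout:
            break
        facility, severity, msg = parse_pri(data.decode("utf-8", "replace"))
        records.append({"src": src_ip, "facility": facility,
                        "severity": severity, "msg": msg})
    return records


def demo(payloads: List[str]) -> List[Dict]:
    """Loopback self-test: bind an ephemeral UDP port, send the constructed
    payloads to it, and return what the receiver parsed."""
    recv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    recv.bind(("127.0.0.1", 0))          # port 0 = let the OS pick a free port
    port = recv.getsockname()[1]
    send = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for p in payloads:
        send.sendto(p.encode(), ("127.0.0.1", port))   # queued in the kernel buffer
    records = collect_syslog(recv, len(payloads))
    send.close()
    recv.close()
    return records


# Constructed placeholder lines: facility local0 (16), severities info (6) and warning (4).
SAMPLE_PAYLOADS = [
    "<134>Jan  1 12:00:00 mds01 constructed: audit-style placeholder",
    "<132>Jan  1 12:00:01 gw01 constructed: traffic-style placeholder",
]

if __name__ == "__main__":
    for cmd in build_log_exporter_commands(["DOM1", "DOM2"], "1.1.1.254"):
        print(cmd)
    for rec in demo(SAMPLE_PAYLOADS):
        print(rec)
```

In practice you would run the receiver part on the syslog server (bound to the real port, 514 here) while the exporter is active; if nothing arrives at all, the problem is the exporter or the network path, not the audit/traffic distinction.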
