
Check Point MDS / Gateway Logs



I'm trying to onboard Check Point logs at the moment and could use some help.

The goal is to send all logs to a syslog server and then bring them into a log pipeline.

As I understand it, Check Point has two log sources: traffic and security logs are exported from the MDS log server with "cp_log_export", and the audit logs and device logs from the gateways are configured with the clish syslog commands. Is that correct?

Now I face these problems:

Is there a way to send gateway (GAIA) logs via TCP or even syslog over TLS?

Can you export the "cp_log_export" via syslog but still use the Splunk app?

Can you configure multiple syslog servers in active/passive mode, so that you don't have duplicated logs but the logs still get sent when one syslog server fails?

Thanks a lot for the help.


2 Replies