This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Michael_Briceño
Contributor
‎2017-11-02 03:51 PM

Export Logs to another Log Server

Hello friends, I hope your help with this: Do you know if there is a way to export traffic logs (firewall, appcontrol, ips, etc) from a logserver to another logserver and that this can be visualized through smartlog / smartviewTracker ..? ?
The purpose is to have the same logs on these two logserver since for SMB type equipment (1200R to be specific), the sending of logs in simultaneous to two logserver is not supported. I have seen that you can send one logserver at a time, and send another logserver as long as the first logserver is unreachable.
Can we have it sent to both at the same time? I will greatly appreciate your comments.

Regards,

Michael Briceño.

6 Replies
Vladimir
Champion
Champion
‎2017-11-02 04:59 PM

Disclaimer: following suggestion is a hack and I am not at all certain that it will work, but:

If your management server is a VM, try cloning it, attach its vNIC to a dedicated physical NIC of the host and connect that NIC to a mirror port on the switch that the logs are passing through. 

It'll be actually funny if works.

0 Kudos
Vladimir
Champion
Champion
‎2017-11-02 06:29 PM

Or in officially approved way:

Log forwarding

Michael_Briceño
Contributor
‎2017-11-03 08:34 AM
In response to Vladimir

Hello Vladimir,
Thank you for your comments. But I've seen that for SMB teams, the log forwarding option is not available either. It is clear to me that it is a limitation of the model or type of device.

I have tried to send logs from the same 1200R device as syslog to this second logserver, but only send configuration logs but no traffic.

Will there be another way to make this possible? Any comment is helpful.

Regards,

Michael Briceño.

0 Kudos
Vladimir
Champion
Champion
‎2017-11-03 08:56 AM
In response to Michael_Briceño

Forward logs from the primary logging server to the secondary. You'll have to configure the log forwarding not on the gateway, but on your primary management/log server.

I do not believe that you can circumvent the logging limitations of these gateways without adversely impacting their performance.

0 Kudos
Michael_Briceño
Contributor
‎2017-11-03 09:02 AM
In response to Vladimir

Oh oh ok! had misunderstood. I'm worth it and I'll tell you how it went. Thanks.

0 Kudos
Sven_Glock
Advisor
‎2018-05-30 01:03 AM

Which version of management are you running?

Is your secondary logserver a Check Point Log server, too?