Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Michael_Briceño
Contributor

Export Logs to another Log Server

Hello friends, I hope your help with this: Do you know if there is a way to export traffic logs (firewall, appcontrol, ips, etc) from a logserver to another logserver and that this can be visualized through smartlog / smartviewTracker ..? ?
The purpose is to have the same logs on these two logserver since for SMB type equipment (1200R to be specific), the sending of logs in simultaneous to two logserver is not supported. I have seen that you can send one logserver at a time, and send another logserver as long as the first logserver is unreachable.
Can we have it sent to both at the same time? I will greatly appreciate your comments.

Regards,

Michael Briceño.

6 Replies
Vladimir
Champion
Champion

Disclaimer: following suggestion is a hack and I am not at all certain that it will work, but:

If your management server is a VM, try cloning it, attach its vNIC to a dedicated physical NIC of the host and connect that NIC to a mirror port on the switch that the logs are passing through. 

It'll be actually funny if works.

0 Kudos
Vladimir
Champion
Champion

Or in officially approved way:

Log forwarding

Michael_Briceño
Contributor

Hello Vladimir,
Thank you for your comments. But I've seen that for SMB teams, the log forwarding option is not available either. It is clear to me that it is a limitation of the model or type of device.

I have tried to send logs from the same 1200R device as syslog to this second logserver, but only send configuration logs but no traffic.

Will there be another way to make this possible? Any comment is helpful.

Regards,

Michael Briceño.

0 Kudos
Vladimir
Champion
Champion

Forward logs from the primary logging server to the secondary. You'll have to configure the log forwarding not on the gateway, but on your primary management/log server.

I do not believe that you can circumvent the logging limitations of these gateways without adversely impacting their performance.

0 Kudos
Michael_Briceño
Contributor

Oh oh ok! had misunderstood. I'm worth it and I'll tell you how it went. Thanks.

0 Kudos
Sven_Glock
Advisor

Which version of management are you running?

Is your secondary logserver a Check Point Log server, too?

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events