Good afternoon everyone!
We are trying to implement external log with accounting updates. We have a simple rule setup that matches telnet traffic, and it is exporting to our syslog (using cp_log_exporter to a Splunk server); however, it is only sending the log when a connection opens and when the user disconnects the telnet session. It is my understanding from the documentation that with accounting enabled, I should see a log every 10 minutes for this connection. Is that not right? Am I perhaps missing another configuration necessary for this?
Oh, I forgot to mention, we are running an R81 VM in a test environment with VSX.
[Expert@CheckPoint-Mgmt:0]# cp_log_export show
name: syslog2
enabled: true
target-server: 172.20.10.152
target-port: 514
protocol: udp
format: splunk
read-mode: semi-unified
export-attachment-ids: false
export-link: false
export-attachment-link: false
time-in-milli: false
Thanks in advance,
RK