KLN
Explorer

Log Exporter R80.10 add on for eval

Hi All,

Does anyone know if it is possible to get the Log Exporter add-on for an R80.10 gateway for a 30-day eval? I would like to test/try it out.

If not, if I upgraded my R80.10 eval to R80.20, does that include the Log Exporter (alternative to OPSEC LEA)?

Thanks

0 Kudos
14 Replies
PhoneBoy
Admin

Log Exporter doesn't require a specific license.
As long as you have a license for your management server (eval or otherwise), you should be good to go.
0 Kudos
KLN
Explorer

Hi, thanks for the reply, that's what I thought, the eval license should cover it for 30 days. How can I get it? When I attempt to get the tgz below, I don't have access:

Check_Point_R80.10_Log_Exporter_T51_sk122323_FULL.tgz

 

Is there another way?

I'm new to Check Point, stumbling along... but making some headway.

Thanks

0 Kudos
PhoneBoy
Admin

That file requires entitlement in UserCenter to download.
You're better off using R80.20 or R80.30, which is a more current version and has Log Exporter already integrated.
0 Kudos
Maarten_Sjouw
Champion

When you open an SSH session to the management server, type:
installer download-and-install <TAB-Key>
from clish. Log Exporter should be in the list.
Regards, Maarten
0 Kudos
KLN
Explorer

Hey thanks, that all worked; it said the installation was successful.

cp_log_export exists, so I can try that out with a target host.

This directory does not exist: $EXPORTERDIR. The variable exists, just not the directory. Just wondering if there are some installation differences between the R80.10 add-on and the R80.20 version included natively. There is a log_indexer directory.

Two more things: is this a daemon that I can verify Log Exporter is running? After the evaluation license expires, do I need to reinstall R80.10 from scratch, or what happens?
0 Kudos
PhoneBoy
Admin

Main thing is the log filtering feature for Log Exporter isn't integrated into R80.20/R80.30; this will be added in a future jumbo hotfix.
You can install another evaluation license to your existing system after it expires.
cp_log_export status should tell you what's going on.
See also: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
S_E_
Advisor

Hi,

Not sure if I understand correctly.

Log Exporter can also be installed on a gateway?

I could not find the package on the website, nor via CPUSE.

Tried on an appliance, R80.30 Jumbo T50.

Thanks

Regards

 

fw02> installer download-and-install
** ************************************************************************* **
** Hotfixes **
** ************************************************************************* **
Num Display name Type
1 Check Point CPinfo build 202 for R80.30 Hotfix
2 R80.30 Gaia 2.6.18 Jumbo Hotfix Accumulator
Security Gateway and Standalone (Take 111) Hotfix
fw02> installer download-and-install

fw02>

0 Kudos
PhoneBoy
Admin

Log Exporter is meant to be installed on a Management or Log Server, not a gateway.
0 Kudos
S_E_
Advisor

Hi,
I was under the impression that there were also plans to forward from a gateway directly to a syslog server (fw log messages).
Thanks
0 Kudos
PhoneBoy
Admin

That does not require Log Exporter.
However, it does require a hotfix for R80.10 Management or being on R80.20 and above.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Also, this feature has some pretty significant limitations, namely only Firewall blade logs are supported (not other software blades like App Control, URL Filtering, IPS).
Log Exporter from the management is the recommended solution.
S_E_
Advisor

Hi,
We run log_exporter on MGMT R80.30. Works fine.
Was just looking for an additional way, also from the gateway.
Thanks
0 Kudos
PhoneBoy
Admin

What value does getting syslog from the gateway provide when you're already doing it via the management and Log Exporter?
0 Kudos
S_E_
Advisor

Hi,
2 ideas for that:
- Different unit/team (independent) looking at the logs.
- High availability, because mgmt might be in a different country.
Thanks
Regards
0 Kudos
PhoneBoy
Admin

You can always establish a separate log server from the management and log to multiple servers.
That doesn’t require using syslog from the gateway.
0 Kudos