This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Adir_Sabag
Explorer
‎2021-08-30 04:19 AM

Log exporter - Issues exporting audit logs

Hello, 

We are an MSSP, and most of our customers have an R80.40.

At one of our customers' site, for example, we have configured a log exporter to send logs from the management server to a QRadar collector at the same site. For some reason we cannot see any audit logs being sent to us.

Some of our customers still forward logs using OPSEC\LEA protocol, and while using this protocol I can see the audit logs in our SIEM (QRadar).

While checking any of the customers using Syslog protocol, I cannot find event one audit log being sent to us.

 

Is there any known issues exporting audit logs while using log exporter and Syslog protocol?

 

Thank you.

0 Kudos
3 Replies
Tal_Paz-Fridman
Employee
Employee
‎2021-08-31 01:55 AM

Please see if related to the following SK:

Not all logs are exported when log exporter is configured on Log Server/Multi-Domain Log Module

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

HTH

Tal

0 Kudos
Adir_Sabag
Explorer
‎2021-08-31 06:16 AM
In response to Tal_Paz-Fridman

I don't know if this is the case.

I mean, the log exporter is configured to send the logs to a QRadar log collection server. The logs are being sent immediately, but as I have mentioned, we cannot see audit logs.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-08-31 06:37 AM
In response to Adir_Sabag

Then contact TAC and either get the hotfix or a reason why that is not working!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events