nabs_nabs
Contributor

R80.30 domain: Send checkpoint logs from r77.30 gateway to QRadar.


Hi all,

I have an R80.30 domain and R77.30 gateways. Do you know if it is possible to send Check Point logs, in syslog format, from R77.30 gateways to the QRadar SIEM?

I configured it when my domain was on R77.30 by adding the R77 add-on. But now my domain is on R80.30, so I don’t know if it is still possible or not.

Thanks a lot for your reply.

Accepted Solutions
Dorit_Dor
Employee

Unless mistaken...

Most recommended: logging from the mgmt/log server with Log Exporter (some functions can only be achieved this way).

Secondary option: logging from the GW existed in R77.30, but its central mgmt required a plug-in that was missing in the initial R80x. The central management returned in R80.20 (and since it's the main train, it remains in releases after). How to? Look for log servers and see that you can define a log server that is a syslog server...

5 Replies
Dorit_Dor
Employee

The way to send logs to an external system is Log Exporter from the management.
Yes, ... this works on R80.30 even if your GW version is old.
nabs_nabs
Contributor

Hi @Dorit_Dor ,

If I'm right, Log Exporter sends logs only from management.

My question is how to send logs directly from the gateway?

Kind regards.
Maarten_Sjouw
Champion
Nope, the GW cannot send the log data to any other server in syslog format, and as you are on a multi-domain you cannot install a local log server either, as that is not supported until R81.
We have a similar issue where we run an R77.30 MDS with customers that use local per-domain log servers in their private area, so they have the log locally, and I do not want those servers in the global domain, as that is the only way to add a log server now.
The log server in the DMZ of the customer's FW is receiving the data local to their network and forwarding it from there with cplog exporter to QRadar.
Regards, Maarten
nabs_nabs
Contributor
Hi @Maarten_Sjouw

I have already done it with R77.30 gateways and MDS on R77.30 version and it worked very well. The Check Point logs were sent directly by the gateway and not from my domain.
