JAX
Explorer

R80.40 help in sending system and device status to LogRhythm using log export or other task


R80.40 Gaia ClusterXL help in sending system and device status to LogRhythm using log export or other task. Our log exporter is up and running and sending logs. We would like to be able to also send logs on device status, such as when one of the clusters is down, CPU is over a certain amount, memory is high, interface is down, etc. Does anyone know how to send these to LogRhythm?

PhoneBoy
Admin

You have Log Exporter working with the management/log server.
I don’t believe we log cluster state changes there.
You may also want to have the gateways send OS-level syslog directly to LogRhythm.

JAX
Explorer

Thank you and after more research I agree we do not log cluster state changes there. 

Is there a setting in Gaia on the gateways that sends syslog information where I can set the LogRhythm IP, or do you know the command to send OS-level syslog directly to LogRhythm?

 

PhoneBoy
Admin

Yes, you can configure it via clish or the WebUI.
Whether LogRhythm can parse the logs is a separate question. 

https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_Gaia_AdminGuide/Topics-GAG/S...
