This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Mattias_Jansson
Contributor
‎2020-07-27 01:34 AM

Setting a syslog facility code in cp_log_export?

Hi!

I have tried to find a way to set a specific syslog Facility code for my auditlogs with the the cp_log_export function,  but I cannot find that feature. It seems to use the default Facility code 0 by default.
Does anyone know if this is possible or planned for any coming releases?

Regards

Mattias Jansson

0 Kudos
Reply
3 Replies
G_W_Albrecht
Champion
Champion
‎2020-07-27 01:54 AM

I think this was/is possible with sk115392: How to export Check Point logs to a Syslog server using CPLogToSyslog :

(7-B) Syslog Indicators - Facility Indicators

The following table shows the values and meanings of Facility Indicators that are used in the event_format section of the policy file
(refer to section "(5-E) Configuration instructions - Rulebase").

The Facility Indicators are used to specify what type of program is logging the message.
This lets the administrator specify that messages from different facilities should be handled differently
(refer to https://linux.die.net/man/5/syslog.conf).

Reply
Mattias_Jansson
Contributor
‎2020-07-27 05:33 AM
In response to G_W_Albrecht

Interesting. 
That seems to be the older tool that was supported until R80.10. 
We are on R80.20. 
So I hope that the possibility to set the facility indicator will be implemented in coming relases of the new feature.

0 Kudos
Reply