leangm
Contributor

Smartlog Vs SmartEvent

Hello Checkmate

I have one question related to the dedicated log server and the dedicated SmartEvent server.

What is the best practice for configuring log settings so that the gateway sends logs to a dedicated log server and a dedicated SmartEvent server?

Example:

1 Security Management VM

1 VM SmartLog Server

1 VM SmartEvent

Capture.PNG

0 Kudos
9 Replies
G_W_Albrecht
Legend

SmartEvent gets its logs from Log Server, see https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_LoggingAndMonitoring_AdminGu...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
leangm
Contributor

Still not clear about this link.

My question is, if we have separate VM servers, let's say

1 VM running as a SmartEvent server and another VM running as a log server:

How do we get logs from the gateway?

0 Kudos
G_W_Albrecht
Legend

GW sends logs to log server. SmartEvent pulls the events from log server to correlate and store them. Using SmartConsole, you connect to SMS to see or save SmartLogs, Events and Reports.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
leangm
Contributor

So does that mean we don't need to configure the gateway setting to send logs to the SmartEvent server? Is sending only to the log server OK?

And could I know what the benefit of deploying a dedicated SmartEvent server is?

0 Kudos
Chris_Atkinson
Employee

No. You don't need to configure it on the Gateway.

You would only do this if you wanted the SmartEvent server to be a last resort backup in case the log server was unavailable.

Performance and scalability. Most customers typically start with Mgmt & SmartEvent, sizing determines if they are the same machine or separate.

Dedicated log servers might also be for retention or performance reasons. In a basic deployment the Mgmt also serves as a log server.

CCSM R77/R80/ELITE
0 Kudos
leangm
Contributor

One more question:

If we have a SIEM solution and want to export logs to the SIEM, should we export on both servers, and do you have any documented best practices for exporting from log servers to a SIEM?

Log server machine

and SmartEvent server machine

0 Kudos
Chris_Atkinson
Employee

Log Exporter is used here, see sk122323 and the relevant admin guides to configure the export from the Log server. In recent versions this can be done via SmartConsole.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/To...

CCSM R77/R80/ELITE
0 Kudos
Amir_Senn
Employee

In order to export all the traffic logs you need to define it on the log server.

If you want it to export correlated events you need to define it for the SmartEvent server as well.

Kind regards, Amir Senn
0 Kudos
Chris_Atkinson
Employee

The above looks as expected, you can optionally set the mgmt as a backup log server if you choose.

CCSM R77/R80/ELITE
0 Kudos
