This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
leangm
Contributor
‎2022-07-28 06:56 AM

Smartlog Vs SmartEvent

Hello Checkmate

I have one question related dedicated logs server and the dedicated smart event server

What is the best practice to configure log settings from the gateway send to dedicate logs server and dedicate smart event server?

Example:

1 Security Management VM 

1  VM  Smartlog Server 

1  VM SmartEvent 

Capture.PNG

0 Kudos
9 Replies
G_W_Albrecht
Legend Legend
Legend
‎2022-07-28 07:17 AM

SmartEvent gets its logs from Log Server, see https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_LoggingAndMonitoring_AdminGu...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
leangm
Contributor
‎2022-07-29 02:41 AM
In response to G_W_Albrecht

still not clear about this link

My question is if we have a separate VM server  let say

1VM running as Smart event server and other 1VM functions running as a log server 

How do we get logs from the gateway?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2022-07-29 03:27 AM
In response to leangm

GW sends logs to log server. SmartEvent pulls the events from log server to correlate and store them. Using SmartConsole, you connect to SMS to see or save SmartLogs, Events and Reports.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
leangm
Contributor
‎2022-07-29 03:40 AM
In response to G_W_Albrecht

So mean we no need to configure the gateway setting to send logs to smartvent server?  send to only log server ok?

and could I know what is the benefit to deploy a dedicated smartvent server?

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-07-29 03:43 AM
In response to leangm

No. You don't need to configure it on the Gateway.

You would only do this If you wanted the SmartEvent server to be a last resort backup in case the log server was unavailable.

Performance and scalability. Most customers typically start with Mgmt & SmartEvent, sizing determines if they are the same machine or separate.

Dedicated log servers might also be for retention or performance reasons. In a basic deployment the Mgmt also serves as a log server.

CCSM R77/R80/ELITE
0 Kudos
leangm
Contributor
‎2022-07-29 04:34 AM
In response to Chris_Atkinson

One more question:

If we have a SIEM solution and want to export logs to SIEM should we export on both servers and do you have any document best practices to export log servers to SIEM?

Log server machine 

and Smarteevent server machine 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-07-29 04:42 AM
In response to leangm

Log Exporter is used here, see sk122323 and the relevant admin guides to configure the export from the Log server. In recent versions this can be done via SmartConsole.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/To...

CCSM R77/R80/ELITE
0 Kudos
Amir_Senn
Employee
Employee
‎2022-07-31 04:46 AM
In response to leangm

In order to export all the traffic logs you need to define it on the log server.

If you want it to export correlated events you need to define it for the SmartEvent server as well.

Kind regards, Amir Senn
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-07-28 07:24 AM

The above looks as expected, you can optionally set the mgmt as a backup log server if you choose.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top