Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Gabriel_Support
Contributor

Syslog Over TCP

Hi Team,

I know by default syslog uses UDP 514, is there a way to enforce TCP use when sending logs from the checkpoint side?

I am thinking since syslog uses both TCP and UDP and the port number is the same, if the syslog server is configure to accept only TCP, checkpoint should be able to work with that.

If there is a way to force checkpoint to send the logs over TCP, please let me know.

3 Replies
JozkoMrkvicka
Mentor
Mentor

Create NAT rule?

Original Source: firewall

Original Destination: Syslog server

Original Service: udp_514

Translated Source: original

Translated Destination: original

Translated Service: tcp_514

Kind regards,
Jozko Mrkvicka
0 Kudos
Gabriel_Support
Contributor

Well, implied rules come first before any other rules so that mean--I have to disable the implied and create explicit rule. 

Checkpoint should be able to decide what services it should use base on the server setting--if the server is configure to use tcp 514--send logs using that but I dont think it do--which is sad to say.

0 Kudos
Marcos_Vieira
Contributor

Sorry, but NAT does not work this way. It can change port numbers, but not protocols. 

0 Kudos
(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events