AigarsK
Participant

Syslog configuration on R80.40

Hi All,

I am having issues locating the syslog configuration in Check Point R80.40. We have two gateways in a cluster, a Management server and a SmartEvent server.

The cluster is configured to send logs to the Management server.

In the infrastructure we have an Ubuntu server which by all means is receiving syslog messages from the Management server.

I have checked the configuration and cannot see any syslog servers configured. I changed under Logs section and nothing is configured there either.

I checked both SmartConsole and web management of appliances.

I do not appear to have cp_log_export present in clish nor in expert mode.

Could you please advise me, where and how syslog configuration is applied then?

0 Kudos
6 Replies
S_E_
Advisor

Hi

Do you mean syslog?

In Gaia "show configuration syslog"

or cp_log in bash

"cp_log_export show"

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

or something else?

Regards

0 Kudos
AigarsK
Participant

Thanks for the reply.

I checked these commands before, "show configuration syslog" does not list any remote servers to indicate that they have been forwarded. Command "cp_log_export show" in expert states "command not found".

My Ubuntu server is receiving traffic on port UDP 514 and the messages are Security Policy rule hit logs.

0 Kudos
PhoneBoy
Admin
Admin

If you want traffic logs, you need to export from your management server (or log server if separate) using Log Exporter.
https://community.checkpoint.com/t5/Management/Log-Exporter-guide/m-p/9035

0 Kudos
AigarsK
Participant

Thanks PhoneBoy,

I did read that article already. The thing that is bugging me is that traffic logs already appear to be forwarding to my internal server, but there is no sign of "cp_log_export" being present in expert mode of that management node.

So is it possible that it was configured and then subsequently removed with it still running?

0 Kudos
PhoneBoy
Admin
Admin

For me, it's in: /opt/CPrt-R81/bin/cp_log_export
It's a shell script in particular, which I believe ultimately calls: 
/opt/CPrt-R81/log_exporter/log_exporter

Above is from R81, but the R80.40 path should be similar. 
It should also be in your $PATH in expert mode and there should be processes running if it's sending logs.

0 Kudos
AigarsK
Participant

Thanks PhoneBoy,

I managed to locate the path you specified.

Looks like the issue I was encountering was that I was signing on to the CPM using my RADIUS credentials and not the local admin account. Since trying with admin I was able to execute "cp_log_exporter show" to see what has been configured.

Many Thanks All!

0 Kudos
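The thread ended with the script present on disk while one login still got "command not found". The following is an added example, not code from any poster or from Check Point, that separates "not installed" from "installed but not on this login's $PATH" and filters a process listing for the exporter. The `/opt/CPrt-*/bin` glob is an assumption generalised from the R81 path quoted above, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the /opt/CPrt-*/bin layout is generalised from
# the R81 path quoted in the thread; all function names are hypothetical.

# Print every cp_log_export script under <root>/CPrt-*/bin (default /opt).
find_cp_log_export() {
    cp_root="${1:-/opt}"
    for cp_file in "$cp_root"/CPrt-*/bin/cp_log_export; do
        [ -f "$cp_file" ] && printf '%s\n' "$cp_file"
    done
    return 0
}

# Succeed if directory $1 is an entry of the colon-separated list $2.
dir_in_path() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Explain a "command not found" for cp_log_export in the current login.
# Prints: on_path | installed_not_on_path:<file> | not_installed
diagnose_cp_log_export() {
    search_path="${2:-$PATH}"
    found=$(find_cp_log_export "${1:-/opt}")
    [ -n "$found" ] || { echo "not_installed"; return 0; }
    for cp_hit in $found; do   # install paths contain no whitespace
        if dir_in_path "$(dirname "$cp_hit")" "$search_path"; then
            echo "on_path"
            return 0
        fi
    done
    echo "installed_not_on_path:$(printf '%s\n' "$found" | head -n 1)"
}

# Filter a process listing on stdin (e.g. from `ps -eo pid,args`) for the
# exporter; the [r] keeps a grep that appears in the listing from matching.
exporter_processes() {
    grep 'log_exporte[r]' || true
}
```

Run `diagnose_cp_log_export` once under each login being compared; an `installed_not_on_path` result points at that login's environment rather than at a missing Log Exporter.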
