Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Luis_Miguel_Mig
Advisor

co_log_exporter and HA

Hi,
cp_log_export allows to configure multiple targets
But can you configure load balancing or HA (active and standby)?
Or does it only allow to send all the logs to all the targets configured?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

It only allows sending of all logs to all configured targets at this time.

0 Kudos
Amir_Senn
Employee
Employee

The SK for Log Exporter is pretty extensive and contains a lot of relevant information: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

We run log exporter from the log servers/managements, each of the log servers needs to run its own, to proper config exporter to send all the logs from your environment you need to configure log exporter on each.

The SK has a section with filtering so it won't send all the logs.

Kind regards, Amir Senn
0 Kudos
Luis_Miguel_Mig
Advisor

Thanks Amir, but as Phoneboy said we can only send  the logs to all the targets configured.
I was asking for dynamic load distribution or some sort of (primary/backup) with cp_log_export between the checkpoint managers and the log server targets.
I guess that if I only configure one target with cp_log_export, the checkpoint manager won't be able to resume and send the logs unsent during the time the target syslog was down, right?


0 Kudos
Amir_Senn
Employee
Employee

1. You can define as many as targets as you want (each of them is a new exporter) and you can define filter independently.

2. If you want something dynamic it's very easy. As I said, if you configure all your log servers with exporter to the same server you will have all the logs if they are defined properly in SmartConsole. For example, let's say you have a dedicated log server and MGMT - you define exporters for both of them to same server and in SmartConsole you define to the GWs that if the primary log server isn't available, send it to the other.

3. If the server itself went down then I think (not sure 100%) that the exporter doesn't know that the logs aren't received (but maybe this could change between vendors). If you have 2 servers you can export the logs to, this will a proper backup. If this is on Check Point side the exporter will know to continue from the same place AFAIK. There's also a way to export a specific log file so we can always re-send something if we think logs might be missing.

Kind regards, Amir Senn
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events