This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
fabiofabio
Collaborator
‎2022-10-26 07:01 AM

cp_log_export destination folder

Hello,
I've seen many posts about this command but none of them specifically say where to find the destination path of the files, so I thought I'd create this discussion for people like me who can't figured it out.

my command is:

cp_log_export add name TEST target-server ******* target-port ** protocol tcp format cef encrypted true ca-cert /opt/CPrt-R80.40/log_exporter/test/ca.pem client-cert /opt/CPrt-R80.40/log_exporter/test/cp_client.p12 client-secret *****

 

i know after starting the service he create the target folder, but where is the destination files conf?

thanks a lot

0 Kudos
5 Replies
fabiofabio
Collaborator
‎2022-10-26 07:33 AM

i think i have some kind of problem with the certificates:

TcpTlsSender::MakeConnection: create new fwCert to CA succeeded

TcpTlsSender::MakeConnection: create ckpSSLparams_New succeeded

TcpTlsSender::MakeConnection: ckpSSL_Connect failed error: unknown

 

anyone have some ideas?

I had created the .pem and .p12 files from the target server and then transferred to the directory named in the command

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-26 08:44 AM

cp_log_export does not export logs to the local system at all.
It only sends them to the log server you're configuring. 
This might help for the problem you're having, though: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

fabiofabio
Collaborator
‎2022-10-27 03:23 AM
In response to PhoneBoy

i'm not trying to send the logs to the local system at all.

anyway, iv tried to follow the sk179757 you provided but in the capture there isn't the "Unknown CA"

Cattdfgfhgjhura.PNG

0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-27 09:54 AM
In response to fabiofabio

I recommend getting the TAC involved here.

0 Kudos
fabiofabio
Collaborator
‎2022-11-17 03:01 AM
In response to PhoneBoy

sorry, it's been a while because I was waiting to be given the certificates of the server in production. Now the certificates seem to work, I probably did something wrong creating them.
now i have the problem with the error:

SyslogTCPSender::connect: Failed to initialize socket (*.*.*.*:port)
TcpTlsSender::connect: Failed to create socket.

there is almost nothing on the internet, an sk and a discussion but they don't help... I open a TAC.

thanks anyway for the support!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top