Hi guys!
Any idea as to how to export /var/log/audit/audit.log from R77.30 GW?
Normally I would have done it with audispd, but it's missing from the GW.
Thanks!
Hi Marco,
Thanks for the reply.
However, I'm interested in exporting /var/log/audit.log and not /var/log/messages.
I get it now, not a helpful reply from me.
Normally your audit log is only on management, so is this a self-contained sGW? You can use log exporter, which will export both security logs and audit logs in syslog format.
Hi Maarten,
I tried using Log exporter (SK122323), but still only able to send /var/log/messages
Please tell a bit more about the environment? On which machine are you running this log exporter?
To clarify, think the original question is asking about Linux auditing which I don't think is fully implemented in Gaia, or at least exposed or documented for the end user. See reference here; Suse Doc: Security Guide - Understanding Linux Audit. The facility is there as is the file /var/log/audit/audit.log.
Let's not confuse this with audit logs from the Check Point management server, for instance this network object was added, this security policy rule is changed, etc. and security logs from the gateways connected to the management server. These are included by default when you use Log Exporter.
Back to the original question: if you want to receive auditd events via syslog, there are some configuration files in /etc/audit such as audit.rules and auditd.conf, but I don't think we have plugins for sending these via syslog. Could be wrong. Would have to check with a Gaia expert if you need a definitive answer.
Device syslog logs can of course be set up using the Gaia web UI or the clish CLI.
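For readers landing on this thread: where audispd is not available, the work its syslog plugin would do can be approximated by parsing audit records and re-emitting them as RFC 3164 syslog datagrams. The sketch below is an added example, not code from any poster or from Check Point, and it has not been validated on Gaia; it assumes a Python interpreter on the host that reads the file, and the hostname, collector address and the local6 facility are hypothetical choices.

```python
import re
import socket
import time

# Linux audit record header: type=NAME msg=audit(EPOCH.MS:SERIAL): body
AUDIT_RE = re.compile(r"^type=(\S+) msg=audit\((\d+)\.\d+:(\d+)\): ?(.*)$")
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
PRI = 22 * 8 + 6  # local6.info; the facility is an assumption, match your collector

def parse_audit_line(line):
    """Return dict(type, epoch, serial, body), or None for a malformed line."""
    m = AUDIT_RE.match(line.strip())
    if not m:
        return None
    rtype, sec, serial, body = m.groups()
    return {"type": rtype, "epoch": int(sec), "serial": int(serial), "body": body}

def to_syslog(rec, hostname):
    """Build an RFC 3164 datagram stamped with the event time, not the send time."""
    t = time.gmtime(rec["epoch"])
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    msg = "<%d>%s %s audit: type=%s serial=%d %s" % (
        PRI, stamp, hostname, rec["type"], rec["serial"], rec["body"])
    return msg.encode("utf-8")[:1024]  # RFC 3164 caps a packet at 1024 bytes

def forward(lines, hostname, collector):
    """Send each parseable record over UDP; return (sent, skipped)."""
    sent = skipped = 0
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for line in lines:
            rec = parse_audit_line(line)
            if rec is None:
                skipped += 1  # count malformed lines instead of forwarding them
                continue
            sock.sendto(to_syslog(rec, hostname), collector)
            sent += 1
    finally:
        sock.close()
    return sent, skipped

# Constructed sample records (not taken from a real gateway)
SAMPLE = [
    "type=USER_LOGIN msg=audit(1500000000.123:456): pid=4321 uid=0 res=success",
    "garbage line without an audit header",
]
```

Keeping the audit serial number in the forwarded message lets the collector reassemble multi-record events and notice gaps caused by UDP loss.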