Hiroyuki_Sakura
Participant

How to forward firewall log to 3rd party syslog server

Hi.

I'd like to forward firewall log to 3rd party syslog server.

But I only get the following.

Mar  5 10:15:12 192.168.90.8 CP-GW
Mar  5 10:15:12 192.168.90.8 CP-GW
Mar  5 10:15:12 192.168.90.8 CP-GW
Mar  5 10:15:12 192.168.90.8 CP-GW

Probably I need to change something in rsyslog.conf.

Does anybody know how to fix it?

0 Kudos
6 Replies
PhoneBoy
Admin

The best way to do this at the moment is using the CpLogToSyslog tool: How to export Check Point logs to a Syslog server using CPLogToSyslog 

In the near future, a different tool will be available for this.

0 Kudos
Kosin_Usuwanthi
Collaborator

I found an issue with CPlog2Syslog port 18184 crashing and am waiting for TAC to provide a new tool.

Hope the new tool can solve my issue.

0 Kudos
Roi_Elbaz
Explorer

I'm waiting too ....

0 Kudos
Kosin_Usuwanthi
Collaborator

The new tool works in my lab. I'll deploy it in production next week.

0 Kudos
Hiroyuki_Sakura
Participant

We could solve this problem.

rsyslog.conf is as follows.

$template RawMsgOutputFormat, "%TIMESTAMP% %HOSTNAME% %rawmsg%\n"

:fromhost-ip,isequal,"IP-ADDR" -/var/log/fw/fw.log;RawMsgOutputFormat

Hope this helps someone.
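
A check for the symptom in this thread, as an added example that is not part of any post: it scans the lines rsyslog wrote and reports sending hosts whose entries contain only a timestamp, address and tag, so a forwarding change that silently drops the log body is noticed. The function names, the second host address and the key=value bodies are constructed for illustration.

```python
import re
from collections import Counter

# Line layout: "<Mon> <d> <hh:mm:ss> <host> <rest>", as in the output quoted
# in the question and as written by a "%TIMESTAMP% %HOSTNAME% ..." template.
LINE_RE = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(?P<host>\S+)(?P<rest>.*)$"
)


def classify(line):
    """Return (host, status); status is 'ok', 'empty' or 'unparsed'."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None, "unparsed"
    # A lone token after the host (e.g. "CP-GW") is a tag with no log body.
    status = "empty" if len(m.group("rest").split()) <= 1 else "ok"
    return m.group("host"), status


def empty_ratio_by_host(lines):
    """Map each sending host to the fraction of its lines that lack a body."""
    total, empty = Counter(), Counter()
    for line in lines:
        host, status = classify(line)
        if host is None:
            continue
        total[host] += 1
        empty[host] += status == "empty"
    return {h: empty[h] / total[h] for h in total}


def hosts_losing_content(lines, max_ratio=0.0):
    """Hosts whose share of body-less lines exceeds max_ratio."""
    return sorted(h for h, r in empty_ratio_by_host(lines).items() if r > max_ratio)


# Constructed sample: the first two lines repeat the symptom from the question;
# the rest use a made-up key=value body, not real Check Point log output.
SAMPLE = [
    "Mar  5 10:15:12 192.168.90.8 CP-GW",
    "Mar  5 10:15:12 192.168.90.8 CP-GW",
    "Mar  5 10:20:01 192.168.90.9 CP-GW action=accept src=10.0.0.5 dst=10.0.0.9",
    "Mar  5 10:20:02 192.168.90.9 CP-GW action=drop src=10.0.0.7 dst=10.0.0.9",
    "-- MARK --",
]

if __name__ == "__main__":
    for host in hosts_losing_content(SAMPLE):
        print(f"{host}: forwarded lines carry no message body")
```

To use it on the file from the configuration above, pass the opened `/var/log/fw/fw.log` to `hosts_losing_content` in place of `SAMPLE`.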

Yonatan_Philip
Employee Alumnus

Hello,

 

A new log exporting tool has been released. This tool will be replacing CPLogToSyslog.

You can find all relevant details in Logs Exporter - Check Point Logs Export.

 

It can work on any port in either TCP or UDP.

Regards,

 Yonatan 

0 Kudos
