Re: how to forwad firewall log to 3rd party syslog...

Hiroyuki_Sakura · ‎2018-03-04

Hi.

I'd like to forward firewall log to 3rd party syslog server.

but only get as follows.

Mar 5 10:15:12 192.168.90.8 CP-GW
Mar 5 10:15:12 192.168.90.8 CP-GW
Mar 5 10:15:12 192.168.90.8 CP-GW
Mar 5 10:15:12 192.168.90.8 CP-GW

probably I need something change on rsyslog.conf

anybody know how to fix it ?

‌

PhoneBoy · ‎2018-03-04

The best way to do this at the moment is using the CpLogToSyslog tool: How to export Check Point logs to a Syslog server using CPLogToSyslog

In the near future, a different tool will be available for this.

Kosin_Usuwanthi · ‎2018-03-04

I found issue CPlog2Syslog port 18184 crash and waiting TAC provide new tool.

Hope the new tool can solved my issue.

Roi_Elbaz · ‎2018-03-05

I'm waiting too ....

Kosin_Usuwanthi · ‎2018-03-08

The new tool works on my lab. I'll deploy on production next week.

Hiroyuki_Sakura · ‎2018-03-11

We could solve this problem

rsyslog.conf like follows.

$template RawMsgOutputFormat, "%TIMESTAMP% %HOSTNAME% %rawmsg%\n"

:fromhost-ip,isequal,"IP-ADDR" -/var/log/fw/fw.log;RawMsgOutputFormat

hope someone's help.

Yonatan_Philip · ‎2018-03-21

Hello,

A new log exporting tool has been released. This tool will be replacing CPLogToSyslog.

It can work on any port in either TCP or UDP.

Regards,

Yonatan

Are you a member of CheckMates?