Ivory

Logs forwarding

Can we send Check Point 730 Appliance system and security logs to an AWS EC2 system directly through syslog configuration?

0 Kudos
9 Replies
Admin

Re: Logs forwarding

SMB device logs can be forwarded through syslog.
Security Logs from SMB can only be forwarded through an OPSEC LEA connection (not syslog).
0 Kudos
Ivory

Re: Logs forwarding

Any idea how I can configure the logs from CP to an AWS EC2 instance through OPSEC LEA? Do I need to configure anything extra, as I don't have a CP SMS licence in my environment? Please share some details / documents which can be helpful here. Thanks.

0 Kudos
Admin

Re: Logs forwarding

You would need an SMS to receive the logs from the 730.
That SMS could run in AWS using a PAYG license.
Once on an SMS you could use Log Exporter to send the logs via syslog wherever it needs to go.
0 Kudos

Re: Logs forwarding

Actually, you CAN export security logs via syslog, but it will be plain UDP syslog, without any security or guarantee of delivery.

 

Also, the format is not very friendly and you'd need to customize your own filter.

0 Kudos
Admin

Re: Logs forwarding

Pretty sure that's only for OS logs and not Security logs.
0 Kudos

Re: Logs forwarding

Not sure in what version we started supporting it, but yes, it includes the option to send security logs. Enable Show obfuscated if needed. As Pedro says, they are not sent securely and you will need to parse them to do any reporting on them.

The central log server may be the better option for both of these reasons.

syslog-options.jpg

 

0 Kudos
Pearl

Re: Logs forwarding

Yep, it's been around for a while.

I am logging to NAS-based syslog in my lab from standalone 1430:

image.png

0 Kudos
Admin

Re: Logs forwarding

Well then, I'm happy to be wrong in this case.
And it must be a relatively recent feature.
0 Kudos

Re: Logs forwarding

I think it has been available since R77.20.80.

0 Kudos