This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ojuser
Explorer
‎2019-04-25 04:19 AM

Logs forwarding

Can we send Check Point 730 Appliance system and security logs to AWS EC2 system directly through syslog configuration ?

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2019-04-25 04:27 PM

SMB device logs can be forwarded through syslog.
Security Logs from SMB can only be forwarded through an OPSEC LEA connection (not syslog).
0 Kudos
ojuser
Explorer
‎2019-04-25 08:44 PM
In response to PhoneBoy

Any idea how I can configure the logs from CP to AWS EC2 instance through OPSEC LEA. Do I need to configure anything extra as I don't have CP SMS licence in my environment. Please share some details / documents which can be helpful here. Thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-04-25 10:07 PM
In response to ojuser

You would need an SMS to receive the logs from the 730.
That SMS could run in AWS using a PAYG license.
Once on an SMS you could use Log Exporter to send the logs via syslog wherever it needs to go.
0 Kudos
Pedro_Espindola
Advisor
‎2019-04-30 01:09 PM

Actually, you CAN export security logs via syslog, but it will be plain UDP syslog, without any security or guarantee of delivery.

 

Also, the format is not very friendly and you'd need to customize your own filter.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-05-01 01:54 PM
In response to Pedro_Espindola

Pretty sure that's only for OS logs and not Security logs.
0 Kudos
DeletedUser
Not applicable
‎2019-05-01 04:02 PM
In response to PhoneBoy

Not sure what version we started supporting it, but yes includes the option to send security logs. Enable Show obfuscated if needed. As Pedro says not sent securely and will need to parse them to do any reporting on them.

The central log server may be the better option for both of these reasons.

syslog-options.jpg

 

0 Kudos
Vladimir
Champion
Champion
‎2019-05-01 04:56 PM
In response to DeletedUser

Yep, it's been around for a while.

I am logging to NAS-based syslog in my lab from standalone 1430:

image.png

0 Kudos
PhoneBoy
Admin
Admin
‎2019-05-02 10:53 AM
In response to DeletedUser

Well then, I'm happy to be wrong in this case.
And it must be a relatively recent feature.
0 Kudos
Pedro_Espindola
Advisor
‎2019-05-02 10:57 AM
In response to PhoneBoy

I think it is available since R77.20.80.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top