ojuser
Explorer

Logs forwarding

Can we send Check Point 730 Appliance system and security logs to an AWS EC2 system directly through syslog configuration?

0 Kudos
9 Replies
PhoneBoy
Admin

SMB device logs can be forwarded through syslog.
Security Logs from SMB can only be forwarded through an OPSEC LEA connection (not syslog).
0 Kudos
ojuser
Explorer

Any idea how I can configure the logs from CP to an AWS EC2 instance through OPSEC LEA? Do I need to configure anything extra, as I don't have a CP SMS licence in my environment? Please share some details / documents which can be helpful here. Thanks.

0 Kudos
PhoneBoy
Admin

You would need an SMS to receive the logs from the 730.
That SMS could run in AWS using a PAYG license.
Once on an SMS you could use Log Exporter to send the logs via syslog wherever it needs to go.
0 Kudos
Pedro_Espindola
Advisor

Actually, you CAN export security logs via syslog, but it will be plain UDP syslog, without any security or guarantee of delivery.

 

Also, the format is not very friendly and you'd need to customize your own filter.

0 Kudos
PhoneBoy
Admin

Pretty sure that's only for OS logs and not Security logs.
0 Kudos
DeletedUser
Not applicable

Not sure in what version we started supporting it, but yes, it includes the option to send security logs. Enable "Show obfuscated" if needed. As Pedro says, they are not sent securely and you will need to parse them to do any reporting on them.

The central log server may be the better option for both of these reasons.

syslog-options.jpg

 

0 Kudos
Vladimir
Champion

Yep, it's been around for a while.

I am logging to NAS-based syslog in my lab from standalone 1430:

image.png

0 Kudos
PhoneBoy
Admin

Well then, I'm happy to be wrong in this case.
And it must be a relatively recent feature.
0 Kudos
Pedro_Espindola
Advisor

I think it has been available since R77.20.80.

0 Kudos
