Solved: Quantum Spark export logs to external server CEF f...

LUCAM

Hi,

I am new using Checkpoint firewalls,

I have a Quantum Spark 1500, I need to send logs to an external log server (Logstash) , I configured the connection using the UI, but the Logstash log indicates problems with the CEF syntax.
I tried to check the format using the commandcp_log_export but I have read that the command is not available on Spark.

How can I verify and modify the log format? In the UI the configuration in very basic and there are no option about this.

thank you

PhoneBoy

There is currently no option to change the log format being sent via Syslog on SMB appliances, which is NOT CEF.

View solution in original post

_Val_

cp_log_export only works on regular Gaia.

If your appliance is centrally managed, you can do that on your log server.

If you need to send logs to a syslog server from a locally managed appliance, use "add syslog-server" command, and also refer to the relevant part of the admin guide, for example, this.

LUCAM

Thank you Val,

my appliance is locally managed,

I looked at the guide but there are the same options as in the UI, how do I check if the logs are sent correctly in CEF format or change this option?

thanks

PhoneBoy

There is currently no option to change the log format being sent via Syslog on SMB appliances, which is NOT CEF.

Are you a member of CheckMates?

Quantum Spark export logs to external server CEF format