TSOL
Advisor

What is best practice for syslog sending

Dear Team,

 

Hello.

We are setting up a distributed environment with two Smart-1 appliances (MGMT-HA) and two Quantum appliances (Cluster_XL).

We need to send syslog to another syslog server.

In this case, should I configure Gaia or SmartConsole to send syslogs?

 

And I want to know the difference between the syslog that can be sent from Gaia and the syslog that can be sent from SmartConsole.

Please let me know if you have any information.

 

 

0 Kudos
4 Replies
Chris_Atkinson
Employee

Regarding syslog for Security & Audit logs, the answer is:

sk122323: Log Exporter - Check Point Log Export

Whether you configure it in GAiA CLI or SmartConsole depends on the Management version & advanced nature of the config required.

The syslog otherwise configured at the GAiA level is for the system/OS logs, as distinct from the above.

CCSM R77/R80/ELITE
0 Kudos
TSOL
Advisor

Thank you for the reply.

This SK is set up to send syslog from SmartConsole, but does Check Point normally recommend sending it from SmartConsole?
Gaia can also send syslogs, but when would you use this?

Please let me know if you have any information.

0 Kudos
Chris_Atkinson
Employee

As above, security logs come from management.

Local OS events direct from the Gateway.

CCSM R77/R80/ELITE
0 Kudos
George_Ellis
Advisor

You would use it in Info level if you wanted to see DHCP assignments if the gateway is set to act as a DHCP server.  You can also scrub for local logins, and any critical or warnings you specifically need.  With PCI-DSS, sending these to your syslog servers allows better validation of their questions.  It is very satisfying during an audit to say, "Did you check on the syslog infrastructure?  It is there."

0 Kudos
