This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
nabs_nabs
Contributor
‎2020-06-04 02:48 PM

R80.30 domain: Send checkpoint logs fron r77.30 gateway to QRadar.

Jump to solution

Hi all,

i have r80.30 domain and r77.30 gateways; Do you know if it is possible to send checkpoint logs, in syslog format, from r77.30 gateways to Qradar siem ?

i have configured it when my domain was in r77.30 by adding r77 addon. But now my domain is in r80.30 so i don’t know if it is still possible or not.

thx a lot for your reply.

 

 

Reply
1 Solution

Accepted Solutions
Dorit_Dor
Employee
Employee
‎2020-06-07 05:43 AM
In response to nabs_nabs

Jump to solution

Unless mistaken...

Most recommended: Logging from mgmt/log server w log exporter (some functions can only be achieved this way)  

Secondary option: The logging from the GW existed in R77.30 but its central mgmt required plug in that was missing in initial R80x. The central management returned back in R80.20 (and since its main train, it remains in releases after) - Howto? Look for log servers and see that you can define log server that is syslog server... 

 

View solution in original post

Reply
5 Replies
Dorit_Dor
Employee
Employee
‎2020-06-04 07:18 PM

Jump to solution

The way to send logs to external system is log exporter from the management.
Yes, ... this works on R80.30 even if your GW version is old

0 Kudos
Reply
nabs_nabs
Contributor
‎2020-06-05 12:49 AM
In response to Dorit_Dor

Jump to solution

Hi @Dorit_Dor ,

If i'm right log exporter send logs only from management.

My question is how to send logs directly from gateway ?

Kind regards.

0 Kudos
Reply
Maarten_Sjouw
Champion
Champion
‎2020-06-05 07:33 AM
In response to nabs_nabs

Jump to solution
Nope, the GW cannot send the log data to any other server in syslog format, and as you are on a multidomain you cannot install a local log server either, as that is not supported until R81.
We have a similar issue where we run a R77.30 MDS with customers that use local per domain log servers, in their private area so they have the log locally and I do not want those servers in the global domain, as that is the only way to add a log server now.
The log server in the DMZ of the customers FW is recewiving the data local to their network and forwarding it from their with cplog exporter to Qradar.
Regards, Maarten
Reply
nabs_nabs
Contributor
‎2020-06-05 07:54 AM
In response to Maarten_Sjouw

Jump to solution
Hi @Maarten_Sjouw

I have already done it with r77.30 gateways and mds on r77.30 versiob and it worked very well. The checkpoint logs was send directly by the gateway and not from my domain.

Reply
Dorit_Dor
Employee
Employee
‎2020-06-07 05:43 AM
In response to nabs_nabs

Jump to solution

Unless mistaken...

Most recommended: Logging from mgmt/log server w log exporter (some functions can only be achieved this way)  

Secondary option: The logging from the GW existed in R77.30 but its central mgmt required plug in that was missing in initial R80x. The central management returned back in R80.20 (and since its main train, it remains in releases after) - Howto? Look for log servers and see that you can define log server that is syslog server... 

 

View solution in original post

Reply