Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Mattias_Jansson
Collaborator

Setting a syslog facility code in cp_log_export?

Hi!

I have tried to find a way to set a specific syslog Facility code for my auditlogs with the the cp_log_export function,  but I cannot find that feature. It seems to use the default Facility code 0 by default.
Does anyone know if this is possible or planned for any coming releases?

Regards

Mattias Jansson

0 Kudos
3 Replies
G_W_Albrecht
Legend
Legend

I think this was/is possible with sk115392: How to export Check Point logs to a Syslog server using CPLogToSyslog :

(7-B) Syslog Indicators - Facility Indicators

The following table shows the values and meanings of Facility Indicators that are used in the event_format section of the policy file
(refer to section "(5-E) Configuration instructions - Rulebase").

The Facility Indicators are used to specify what type of program is logging the message.
This lets the administrator specify that messages from different facilities should be handled differently
(refer to https://linux.die.net/man/5/syslog.conf).

CCSE CCTE CCSM SMB Specialist
Mattias_Jansson
Collaborator

Interesting. 
That seems to be the older tool that was supported until R80.10. 
We are on R80.20. 
So I hope that the possibility to set the facility indicator will be implemented in coming relases of the new feature.

0 Kudos
G_W_Albrecht
Legend
Legend

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events