Adir_Sabag
Explorer

Log exporter - Issues exporting audit logs

Hello, 

We are an MSSP, and most of our customers have an R80.40.

At one of our customers' sites, for example, we have configured a log exporter to send logs from the management server to a QRadar collector at the same site. For some reason we cannot see any audit logs being sent to us.

Some of our customers still forward logs using OPSEC\LEA protocol, and while using this protocol I can see the audit logs in our SIEM (QRadar).

While checking any of the customers using Syslog protocol, I cannot find even one audit log being sent to us.

Are there any known issues exporting audit logs while using log exporter and Syslog protocol?


Thank you.

0 Kudos
3 Replies
Tal_Paz-Fridman
Employee

Please see if related to the following SK:

Not all logs are exported when log exporter is configured on Log Server/Multi-Domain Log Module

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

HTH

Tal

0 Kudos
Adir_Sabag
Explorer

I don't know if this is the case.

I mean, the log exporter is configured to send the logs to a QRadar log collection server. The logs are being sent immediately, but as I have mentioned, we cannot see audit logs.

0 Kudos
G_W_Albrecht
Legend

Then contact TAC and either get the hotfix or a reason why that is not working!

CCSE CCTE SMB Specialist
0 Kudos