Bernardes
Advisor

Dear friends @PhoneBoy @the_rock ,

 

I've been thinking about this specific request, and I believe it could be achieved as follows: The goal is to monitor the output of the log $FWDIR/log/oracle_had.elg, so on the Check Point Gateways, I could create a .sh script with the following content:

 

###################################################################

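#!/bin/bash

# Serve the log to one client at a time; when the pipeline exits,
# wait 5 seconds and start it again.
while true; do
    tail -f /opt/CPsuite-R81.10/fw1/log/oracle_had.elg | nc -l -p 12345
    sleep 5
done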

###################################################################

and schedule this task in cron. This will make the Gateway create a server listening on port 12345 and sending the content of the specific log.

 

After that, in some monitoring tool, I can use netcat with the 'nc gateway_ip 12345' command to allow the tool to view the log's output and then create some kind of alert if the log's output contains any unexpected values.

 

I'm not sure yet which tool could be used or how to configure this alert within it, but this could be a way to go.
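
A sketch of the monitoring side described above, as an added example that is not part of the original post: it reads the stream from port 12345, reports matching lines, and also reports when the stream itself is lost. The alert patterns, the sample lines, the gateway address and the function names are assumptions, since the post does not define "unexpected values" or show the log format.

```python
import re
import socket
import time
from collections import deque

# Assumed patterns: the post does not say which values count as unexpected.
ALERT_PATTERNS = [re.compile(p, re.I) for p in (r"\berror\b", r"\bfail(ed|ure)?\b")]

# Constructed sample lines, not the real oracle_had.elg format.
SAMPLE = ["10:00:01 probe ok\n", "10:00:06 probe failed rc=1\n",
          "10:00:06 probe failed rc=1\n", "10:00:11 ERROR timeout\n"]

def scan(lines, recent):
    """Yield (pattern, line) for matching lines not already in `recent`."""
    for raw in lines:
        line = raw.rstrip("\r\n")
        hit = next((p.pattern for p in ALERT_PATTERNS if p.search(line)), None)
        if hit and line not in recent:
            recent.append(line)  # tail -f replays its last lines on reconnect
            yield hit, line

def stream_lines(host, port, idle_timeout=300):
    """Yield lines from the listener; a silent stream raises socket.timeout."""
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.settimeout(idle_timeout)
        with sock.makefile("r", encoding="utf-8", errors="replace") as fh:
            yield from fh

def watch(host, port, alert=print, retry_delay=5):
    """Reconnect forever; report matches and any loss of the stream itself."""
    recent = deque(maxlen=1000)
    while True:
        try:
            for hit, line in scan(stream_lines(host, port), recent):
                alert(f"ALERT [{hit}] {line}")
            alert("WARN gateway closed the stream")
        except OSError as exc:  # refused, reset, or idle timeout
            alert(f"WARN stream unavailable: {exc}")
        time.sleep(retry_delay)

if __name__ == "__main__":
    watch("192.0.2.10", 12345)  # placeholder address; port from the post
```

The nc listener sends the log in cleartext to any host that can connect, so the gateway policy should allow port 12345 only from the monitoring host.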
