Hi Experts,
Need advice on the following: I need to forward Tracker logs to a syslog server, but I am not able to find the syslog server to forward logs to, as shown below.
Is there any way to forward Tracker logs?
The settings you are trying to use are to forward your Check Point logs periodically to another Check Point Log server. It will not work for a syslog server or a SIEM.
To set up log export to syslog from your central management log servers, please refer to sk122323.
Install this release on a R80.10 Multi-Domain Server, Multi-Domain Log Server, Security Management Server, Log Server or SmartEvent Server. Note: Log Exporter can be installed on top of R80.10 Jumbo Hotfix Take 56 and above.
**This hotfix must be installed after the Jumbo, and will need to be uninstalled to upgrade to a higher Jumbo take, and then reinstalled after the newer Jumbo is in place.
You do not need this hotfix if your Jumbo take is above 56 with R80.10. Otherwise, please open a support request to get it from TAC.
I would rather go with sk122323 Log Exporter - Check Point Log Export and Check_Point_R80.10_Log_Exporter_T35_sk122323_FULL.tgz. sk115392 How to export Check Point logs to a Syslog server using CPLogToSyslog is the older tool (Check_Point_CPLogToSyslog_R80.10_GA_jhf_T56_FULL.tgz).
Hi Gunter, this was my original recommendation. Am I missing something?
Yes, we did agree completely in our suggestions ;-) I was replying to the message from Shivajith S @ Valeri Loukine on 04.07.2018 15:21 more than to yours.
Instead of going for CPLogToSyslog, will Log Exporter - Check Point Log Export help to achieve the target of forwarding the tracker log to syslog?
May I know which version of Log Exporter I need to install? Is it T35, which you mentioned, or how should I select the correct suitable version?
As Valeri says in his initial reply, Log Exporter doesn't forward the Tracker log file, but sets up a syslog feed of the log events to a syslog server. If this is what you want to achieve, then the answer is yes.
And yes, T35 is the latest R80.10 version available.
Can someone tell me: if I use Log Exporter to forward all logs from the management server, will I still be able to view my logs in Tracker AND on the syslog server? Or will the logs now go directly to the syslog server and only be viewable from there?
Log Exporter sends the logs to the configured syslog server.
It does not remove the logs from the management, so they can be viewed in SmartLog or SmartView.