Any idea as to how to export /var/log/audit/audit.log from R77.30 GW?
Normally I would have done it with audispd, but it's missing from the GW.
Thanks for the reply.
However, I'm interested in exporting /var/log/audit.log and not /var/log/messages.
I get it now, not a helpful reply from me.
Normally your audit log is only on management, so is this a self-contained sGW? You can use Log Exporter, which will export both security logs and audit logs in syslog format.
I tried using Log exporter (SK122323), but still only able to send /var/log/messages
Please tell us a bit more about the environment. On which machine are you running this Log Exporter?
To clarify, I think the original question is asking about Linux auditing, which I don't think is fully implemented in Gaia, or at least exposed or documented for the end user. See reference here: SUSE Doc: Security Guide - Understanding Linux Audit. The facility is there, as is the file /var/log/audit/audit.log.
Let's not confuse this with audit logs from the Check Point management server, for instance this network object was added, this security policy rule is changed, etc. and security logs from the gateways connected to the management server. These are included by default when you use Log Exporter.
Back to the original question: if you want to receive auditd events via syslog, there are some configuration files in /etc/audit such as audit.rules and auditd.conf, but I don't think we have plugins for sending these via syslog. Could be wrong. Would have to check with a Gaia expert if you need a definitive answer.
Device syslog logs can of course be set up using the Gaia web UI or the clish CLI.