bob111
Contributor

Log Exporter

Hello, I created a log exporter on my SMS to send logs in a syslog format. When I look in /var/log/messages I see the logs, but every log looks like this: <time stamp> <name of firewall it was sent from> CheckPoint.

Is there another place where the logs are stored with more details?

Also, how can I send only audit logs?

0 Kudos
4 Replies
Tal_Paz-Fridman
Employee

Log Exporter is mainly used to export Check Point logs to other formats and external servers (for example, a SIEM).

I suggest reading the SK for Log Exporter:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

And the SK for Description of Fields in Check Point Logs if you want to dive deeper into specific fields:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
PhoneBoy
Admin

Are you exporting logs to your management server's syslog daemon?
That's definitely not the use case for Log Exporter.

In any case, if you want just audit logs, you'll need to configure Log Exporter to do just that.
Refer to the SK that @Tal_Paz-Fridman linked to.

bob111
Contributor

No, my target-server is another virtual machine but the logs I see do not contain any information.

The log in the attached photo is what I see. 

0 Kudos
Tal_Paz-Fridman
Employee

It should look something like this:

[Image: 2023-01-19 12_13_35-Untitled - Paint.png]

I consulted with the experts here:

That depends on what kind of server you are using. The path you wrote, “/var/log/messages”, is used by rsyslog or syslog-ng servers (by default). If the logs arrive properly at the server, it’s possible the server modifies them afterward for some reason.

CC @Arnon_Berman 

0 Kudos
