This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jfmoral
Participant
Participant
‎2022-07-05 10:57 AM

Send Radware syslog messages to Smart Event

Hi.

Does anyone know how can I see syslog messages sent by Radware DDoS appliances in SmartEvent?

I've already configured syslog in Radware Appliances, and I selected the "Accept syslog messages" on SmartEvent configuration.

Do I have to configure something special to receive syslog messages?

 

Thanks in advance.

SmartEvent Smart-1 Appliances 

SmartEvent
SmartEvent
Quantum
Smart-1 Appliances
Smart-1 Appliances
Quantum
0 Kudos
9 Replies
the_rock
Legend
Legend
‎2022-07-05 01:49 PM

Im not personally aware of any special config. Is there communication back and forth?

 

Andy

0 Kudos
jfmoral
Participant
Participant
‎2022-07-05 02:13 PM
In response to the_rock

Yes, I created a special rule to permit traffic between Radware appliances and SmartEvent.

I don't see any syslog traffic.

0 Kudos
the_rock
Legend
Legend
‎2022-07-05 02:23 PM
In response to jfmoral

Can you run zdebug on the fw to see if traffic is getting dropped?

0 Kudos
PhoneBoy
Admin
Admin
‎2022-07-05 03:07 PM

Did you follow the steps here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
jfmoral
Participant
Participant
‎2022-07-05 05:12 PM
In response to PhoneBoy

DDoS Appliances were implemented by a Radware engineer, those appliances are working correctly and don't have Analytics License, that's why the customer want to send the syslog messages to SmartEvent.

0 Kudos
the_rock
Legend
Legend
‎2022-07-05 05:38 PM
In response to jfmoral

If I were you, I would do some captures on the firewall to make sure thats not blocking this traffic.

0 Kudos
jfmoral
Participant
Participant
‎2022-07-05 05:40 PM
In response to the_rock

Yes, tomorrow I will capture traffic.

I'll share you the results.

the_rock
Legend
Legend
‎2022-07-05 05:54 PM
In response to jfmoral

Here are commands I would run...say Radware ip is 10.10.10.100, I would run below commands:

tcpdump -nni any host 10.10.10.100

fw monitor -e "accept host(10.10.10.100);"

fw monitor -F '10.10.10.100,0,0,0,0' -F '0,10.10.10.100,0,0,0'

fw ctl zdebug + drop | grep 10.10.10.100

Andy

0 Kudos
_Val_
Admin
Admin
‎2022-07-06 12:00 AM
In response to PhoneBoy

In addition to what PhoneBoy said, you may want to look into sk55020 as well

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 07 Oct 2025 @ 09:30 AM (CEST)

    CheckMates Live Denmark!
    CheckMates Events