This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bernardes
Advisor
‎2023-04-15 02:00 PM
Jump to solution

What is the best practices for export logs ?

Hello Mates!

Is there any documentation or best practice for exporting logs from SmartEvent/Log Server to an external server?

How do you recommend doing it?

Scripts via SSH? Export option via SmartConsole? Is there any other way? Any native integration with a backup solution?

Thank you all!

0 Kudos
2 Solutions

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2023-04-15 07:38 PM
Jump to solution

Are you looking to do it for archive purposes due to space / retention reasons or as an actual backup and do you have Management High Availability deployed?

Example Scripts:
https://community.checkpoint.com/t5/Management/Automate-Log-copy-to-external-SFTP/m-p/125112 

 

Best Practice:

sk122323: Log Exporter - Check Point Log Export
sk108902: Best Practices - Backup on Gaia OS
sk98126: Best Practices - Configuration of logging from Security Gateway to Security Management Server / Log Server

Refer also:

sk92440: Move log files off Security Management Server for viewing at a later time
sk30569: Performing SCP (Secure Copy) between SecurePlatform/Gaia Servers

CCSM R77/R80/ELITE

View solution in original post

(1)
the_rock
Legend
Legend
‎2023-04-16 04:04 PM
In response to Bernardes
Jump to solution

Hey @Bernardes 

We always use below for customers and works well.

sk122323: Log Exporter - Check Point Log Export

You can use that to send wherever you like...mostly, I know people use SIEM solution.

View solution in original post

(1)
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-04-15 07:38 PM
Jump to solution

Are you looking to do it for archive purposes due to space / retention reasons or as an actual backup and do you have Management High Availability deployed?

Example Scripts:
https://community.checkpoint.com/t5/Management/Automate-Log-copy-to-external-SFTP/m-p/125112 

 

Best Practice:

sk122323: Log Exporter - Check Point Log Export
sk108902: Best Practices - Backup on Gaia OS
sk98126: Best Practices - Configuration of logging from Security Gateway to Security Management Server / Log Server

Refer also:

sk92440: Move log files off Security Management Server for viewing at a later time
sk30569: Performing SCP (Secure Copy) between SecurePlatform/Gaia Servers

CCSM R77/R80/ELITE
(1)
Bernardes
Advisor
‎2023-04-16 10:00 AM
In response to Chris_Atkinson
Jump to solution

Hello @Chris_Atkinson , thank you very much for your answer!

I need to do this just to keep the logs from a specific customer safe out of the SmartEvent /Log Server VM and if needed in the future, be able to reread them in SmartConsole.

I have read some of these SKs like:

sk122323: Log Exporter - Check Point Log Export
sk108902: Best Practices - Backup on Gaia OS

sk30569: Performing SCP (Secure Copy) between SecurePlatform/Gaia Servers

But the others that you sent I didn't know. I'll study them to understand them better.

Which option do you particularly use to perform in a production environment?

0 Kudos
the_rock
Legend
Legend
‎2023-04-16 04:04 PM
In response to Bernardes
Jump to solution

Hey @Bernardes 

We always use below for customers and works well.

sk122323: Log Exporter - Check Point Log Export

You can use that to send wherever you like...mostly, I know people use SIEM solution.

(1)
Bernardes
Advisor
‎2023-04-16 08:36 PM
In response to the_rock
Jump to solution

@the_rock  Thank you for the advice!

 

I'll try it in a lab before deploying in the customer, but it really seems to be the better and fast way to do that.

0 Kudos
Bernardes
Advisor
‎2023-04-16 08:38 PM
Jump to solution

Thank You all Guys for the great collaboration like always!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    Virtual

    Tue 30 Apr 2024 @ 08:00 AM (CDT)

    Central US: What's New in R82?
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 10:00 AM (CEST)

    CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    Virtual

    Tue 30 Apr 2024 @ 08:00 AM (CDT)

    Central US: What's New in R82?
    Virtual

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap
    Virtual

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices
    Virtual

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    Virtual

    Thu 02 May 2024 @ 10:00 AM (CEST)

    CheckMates Live BeLux: How Can Check Point AI Copilot Assist You?
    Virtual

    Thu 02 May 2024 @ 04:00 PM (CEST)

    CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WAN
    CheckMates Events