Versions Compared

Old Version 5

changes.mady.by.user Aaron Gabriel (Deactivated)

Saved on

compared with

New Version 6

changes.mady.by.user Aaron Gabriel (Deactivated)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Version published after converting to the new editor

Insert excerpt
ESLP:Permissions for Log Relay and Remote Log Collection (snippet)
ESLP:Permissions for Log Relay and Remote Log Collection (snippet)
nopaneltrue

You can use this document to add a remote log collector to a Check Point remote device (log source).


Pre-Deployment Considerations

...

  1. Log into the Check Point box via Secure Shell (SSH).

  2. Enter the "expert" command to access Expert mode, then follow the onscreen prompts to enter your credentials:

  3. Enter the following command to configure the log exporter to send the logs to the log relay:

    Anchor
    step 3a
    step 3a

    Code Block
    themeMidnight
    cp_log_export add name <exporter name> enabled true target-server <log relay ip address> target-port 10003 protocol tcp format leef read-mode semi-unified
    1. In <exporter name>, insert the name that you wish to use for the log exporter, with no spaces.
      1. For example: Armor_Exporter
    2. In <log relay ip address>, insert the IP address of the log relay box.

    3. An example of the full command is shown below:

      Note

      The exporter will not start immediately.


  4. To start the exporter, enter the following command:

    Code Block
    themeMidnight
    cp_log_export restart name <exporter name>
    1. In <exporter name>, insert the name of the exporter that was used in step 3a.

    2. An example of the full command is shown below:

  5. Navigate to the directory that was created when you created the log exporter.
    Anchor
    step 5c
    step 5c

    1. To find this directory, run the following command:

      Code Block
      themeMidnight
      cd /; find . | grep -i <exporter name>


    2. Replace the LeefFieldsMapping.XML file with the following .xml file: leeffieldmapping.xml.

    3. Navigate to the conf directory, and replace the LeefFormatDefinition.XML file with the following .xml file: LeefFormatDefinition.xml.

    4. An example of the full command is shown below:

  6. Restart the Check Point Log Exporter by running the following command:

    Code Block
    themeMidnight
    cp_log_export restart name <log_exporter_name>
    1. An example of the full command is shown below:

  7. In the Check Point web GUI, go to System Management, then System Logging.

    1. Select the Send Syslog messages to management server checkbox.
    2. In the Remote System Logging box, add the IP address of the log relay.
    3. Keep Send Logs from Priority Level set to All.

...