Topics Discussed

...

You can use this document to add a remote log collector to a Check Point remote device (log source).

Pre-Deployment Considerations

...

  1. Log in to the Check Point box via Secure Shell (SSH).

  2. Enter the "expert" command to access Expert mode, then follow the onscreen prompts to enter your credentials.

  3. Enter the following command to configure the log exporter to send the logs to the log relay:

    cp_log_export add name <exporter name> enabled true target-server <log relay ip address> target-port 10003 protocol tcp format leef read-mode semi-unified
    1. In <exporter name>, insert the name that you wish to use for the log exporter, with no spaces.

      1. For example: Armor_Exporter

    2. In <log relay ip address>, insert the IP address of the log relay box.

    3. An example of the full command is shown below:

      Note: The exporter will not start immediately.

  4. To start the exporter, enter the following command:

    cp_log_export restart name <exporter name>
    1. In <exporter name>, insert the name of the exporter that was used in step 3a.

    2. An example of the full command is shown below:

  5. Navigate to the directory that was created when you created the log exporter.

    1. To find this directory, run the following command:

      cd /; find . | grep -i <exporter name>
    2. Replace the LeefFieldsMapping.XML file with the following .xml file: leeffieldmapping.xml.

    3. Navigate to the conf directory, and replace the LeefFormatDefinition.XML file with the following .xml file: LeefFormatDefinition.xml.

    4. An example of the full command is shown below:

  6. Restart the Check Point Log Exporter by running the following command:

    cp_log_export restart name <exporter name>
    1. An example of the full command is shown below:

  7. In the Check Point web GUI, go to System Management, then System Logging.

    1. Select the Send Syslog messages to management server checkbox.

    2. In the Remote System Logging box, add the IP address of the log relay.

    3. Keep Send Logs from Priority Level set to All.
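
To confirm on the log relay that what arrives on port 10003 is well-formed LEEF (the format selected in step 3), the following added example parses captured lines and reports the ones it rejects. It is not part of the original document or of any vendor tooling; the sample lines are constructed, and the names parse_leef and check_lines are assumptions.

```python
import re
# Constructed sample lines for illustration; real exporter output will differ.
SAMPLE_LINES = [
    "LEEF:2.0|Check Point|ExampleProduct|1.0|Accept|cat=fw\tsrc=192.0.2.10\tdst=198.51.100.7",
    "LEEF:1.0|Check Point|ExampleProduct|1.0|Drop|src=192.0.2.11\tdst=198.51.100.7",
    "<134>Jan  1 00:00:00 gw sshd[1]: plain syslog line, not LEEF",
    "LEEF:2.0|Check Point|ExampleProduct|1.0|Accept|^|src=192.0.2.12^note=a=b",
    "LEEF:1.0|Check Point|ExampleProduct",
]

# LEEF 2.0 optional delimiter field: one character, or hex such as 0x09 / x09.
_DELIM = re.compile(r"^(?:.|(?:0x|x)[0-9A-Fa-f]{1,4})$")

def parse_leef(line):
    """Return (header, attrs) dicts; raise ValueError if the line is not valid LEEF."""
    line = line.rstrip("\r\n")
    if not line.startswith("LEEF:"):
        raise ValueError("missing LEEF: prefix")
    parts = line[5:].split("|", 5)
    if parts[0] not in ("1.0", "2.0"):
        raise ValueError("unsupported LEEF version %r" % parts[0])
    if len(parts) < 6:
        raise ValueError("truncated header")
    version, rest = parts[0], parts[5]
    delim = "\t"  # default attribute separator
    if version == "2.0":
        spec, sep, body = rest.partition("|")
        if sep and _DELIM.match(spec):
            delim = spec if len(spec) == 1 else chr(int(spec.lower().split("x")[1], 16))
            rest = body
    attrs = {}
    for pair in filter(None, rest.split(delim)):
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError("attribute is not key=value: %r" % pair)
        attrs[key] = value
    names = ("version", "vendor", "product", "product_version", "event_id")
    return dict(zip(names, parts)), attrs

def check_lines(lines):
    """Return (count of valid lines, [(line number, reason)] for rejected lines)."""
    good, bad = 0, []
    for number, line in enumerate(lines, 1):
        try:
            parse_leef(line)
            good += 1
        except ValueError as exc:
            bad.append((number, str(exc)))
    return good, bad
```

A rejected line with "missing LEEF: prefix" usually means plain syslog is reaching the relay instead of exporter output.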

...