Export logs via Syslog

From Tech-Wiki

Revision as of 17:22, 3 February 2019

Back to Gaia

Forwarding traffic logs stored on the Management Server to a syslog server

1. Add the line below to /etc/rc.d/init.d/cpboot so the forwarder is started together with the Check Point services:

fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &

2. After this, the firewall traffic logs appear in the file /var/log/messages (as facility local4, tag CP_FireWall) in addition to the original Check Point log files. (awk 'NF' already drops empty lines, so the sed is redundant but harmless. Records longer than what the receiver accepts, 1024 bytes for classic RFC 3164 syslog, may be truncated.)

3. Now send these messages to the remote syslog server. Configure the following in clish (and run save config afterwards so the setting survives a reboot):

> add syslog log-remote-address <IP-address_of_Syslog_Server> level info

Note that this ships the traffic logs, including internal addresses and user names, in plaintext over UDP; restrict the collector to the management server's address and keep the path inside a trusted network.
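As an added example (not from the original page and not Check Point's own tooling), the shell script below restructures the step 1 pipeline so it can be tested offline: cp_normalize reduces each fw log record to a fixed set of key=value fields before it reaches logger, so that blank or whitespace-only lines are dropped and the SIEM always sees the same field order. It assumes the long-format output is one record per line made of "Key: value;" pairs; the field names used, the function names and the sample records are my own assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumption: "fw log -f -t -n -l"
# prints one record per line as "Key: value; Key: value; ...".

# Reduce a record to a fixed set of fields (key=value, fixed order, "-" if absent).
cp_normalize() {
  awk -F'; *' '
    /^[[:space:]]*$/ { next }                  # drop blank lines (what awk NF / sed did on the page)
    {
      split("", f)                             # POSIX way to clear the per-record array
      for (i = 1; i <= NF; i++) {
        p = index($i, ":")
        if (p == 0) continue                   # not a "Key: value" pair (e.g. trailing empty field)
        k = tolower(substr($i, 1, p - 1))
        v = substr($i, p + 1)
        sub(/^ +/, "", v)                      # strip the space after the colon
        f[k] = v
      }
      # Field selection and order are my own choice, not a Check Point format.
      n = split("time action src dst proto service rule", want, " ")
      out = ""
      for (i = 1; i <= n; i++)
        out = out (i > 1 ? " " : "") want[i] "=" ((want[i] in f) ? f[want[i]] : "-")
      print out
    }'
}

# The cpboot pipeline with the sink overridable (SYSLOG_SINK=cat for dry runs).
forward_fw_log() {
  fw log -f -t -n -l 2>/dev/null | cp_normalize | ${SYSLOG_SINK:-logger -p local4.info -t CP_FireWall}
}

# Constructed sample records (not real fw log output) for a dry run:
#   printf 'Time: 17:22:01; Action: drop; src: 192.168.1.10; dst: 10.0.0.5; proto: tcp; service: 443; rule: 5;\n' | cp_normalize
#   -> time=17:22:01 action=drop src=192.168.1.10 dst=10.0.0.5 proto=tcp service=443 rule=5
```

In cpboot the call would be `forward_fw_log &` in place of the raw pipeline; the shipped line is then short and predictable, which also keeps records under the receiver's message limit.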

If you want to forward directly from the gateways to the syslog devices instead, create an OPSEC Syslog server object in SmartConsole, configure the gateway to send its logs to that server, then set this kernel flag on the gateway:

# fw ctl set int fwsyslog_enable 1

and push the policy. The fw ctl setting is lost on reboot; to make it persistent, add the line fwsyslog_enable=1 to $FWDIR/boot/modules/fwkern.conf on the gateway.
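As an added example (mine, not from the page or from Check Point), the script below records the flag in $FWDIR/boot/modules/fwkern.conf idempotently, so repeated runs do not leave duplicate or conflicting lines, and sets the live value with fw ctl when that command is available. It assumes fwkern.conf holds one name=value pair per line; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original page. Assumption: fwkern.conf is a
# plain "name=value" file, one parameter per line, under $FWDIR/boot/modules.

# Write name=value into fwkern.conf, replacing an existing line for the same
# parameter rather than appending a second copy.
persist_kernel_param() {
  name=$1; value=$2
  conf="${FWDIR:?FWDIR is not set; run this from a Check Point shell}/boot/modules/fwkern.conf"
  mkdir -p "$(dirname "$conf")"
  [ -f "$conf" ] || : > "$conf"
  if grep -q "^${name}=" "$conf"; then
    awk -v n="$name" -v v="$value" \
      'index($0, n "=") == 1 { print n "=" v; next } { print }' "$conf" > "$conf.tmp" \
      && mv "$conf.tmp" "$conf"
  else
    printf '%s=%s\n' "$name" "$value" >> "$conf"
  fi
}

# Read back what the next boot will load for a parameter (empty if absent).
persisted_value() {
  sed -n "s/^$1=//p" "${FWDIR}/boot/modules/fwkern.conf" | tail -n 1
}

# Apply the value to the running kernel as well, so no reboot is needed now.
# fw only exists on a gateway; skip quietly elsewhere so the file can be sourced.
set_live_kernel_param() {
  command -v fw >/dev/null 2>&1 || { echo "fw not found; skipping live set of $1" >&2; return 0; }
  fw ctl set int "$1" "$2"
}

# On the gateway: persist_kernel_param fwsyslog_enable 1 && set_live_kernel_param fwsyslog_enable 1
```

After running it, `persisted_value fwsyslog_enable` and `fw ctl get int fwsyslog_enable` should agree; a mismatch means the live setting was changed without the file (or the reverse) and the next reboot will silently revert it.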