Difference between revisions of "Export logs via Syslog"
From Tech-Wiki
(Created page with "Category:Check Point '''Back to Gaia''' Forwarding Traffic Logs stored on the Management Server to Syslog Server 1. Add the below lines in the /etc/...") |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
1. Add the below lines in the /etc/rc.d/init.d/cpboot file. | 1. Add the below lines in the /etc/rc.d/init.d/cpboot file. | ||
− | fw log -f -t -n -l 2> /dev/null | awk | + | fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall & |
2. After this we are able to see the firewall logs in the /var/log/message directory in addition to the original firewall logs as well. | 2. After this we are able to see the firewall logs in the /var/log/message directory in addition to the original firewall logs as well. | ||
− | 3. Now, send these messages to remote syslog server. Configure the following in | + | 3. Now, send these messages to remote syslog server. Configure the following in clish: |
> add syslog log-remote-address <IP-address_of_Syslog_Server> level info | > add syslog log-remote-address <IP-address_of_Syslog_Server> level info | ||
+ | |||
+ | If you want to forward directly from gateways to syslog devices instead, create an OPSEC Syslog server (which require add-on sk105412), set the gateway to forward logs to this server, then set this flag on gateway: | ||
+ | |||
+ | # fw ctl set int fwsyslog_enable 1 | ||
+ | |||
+ | And push the policy. (remember to set this to $FWDIR/boot/modules/fwkern.conf to persist across reboots) |
Latest revision as of 18:38, 25 February 2019
Forwarding Traffic Logs stored on the Management Server to Syslog Server
1. Add the below lines in the /etc/rc.d/init.d/cpboot file.
fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &
2. After this we are able to see the firewall logs in the /var/log/message directory in addition to the original firewall logs as well.
3. Now, send these messages to remote syslog server. Configure the following in clish:
> add syslog log-remote-address <IP-address_of_Syslog_Server> level info
If you want to forward directly from gateways to syslog devices instead, create an OPSEC Syslog server (which require add-on sk105412), set the gateway to forward logs to this server, then set this flag on gateway:
# fw ctl set int fwsyslog_enable 1
And push the policy. (remember to set this to $FWDIR/boot/modules/fwkern.conf to persist across reboots)