How do I configure remote syslog logging for Checkpoint firewall

 

 

 

Procedure

Define syslog server objects in SmartConsole.

  1. Connect with the SmartConsole
  2. From the left navigation panel, click Gateways and Servers
  3. Create the Hostobject that represents the Syslog server host

          In the Object Explorer, click New > Host

          Configure these fields:

             Name - Enter a unique name

             IPv4 address - Enter the correct IPv4 address of the syslog server

Click OK

 

mceclip1.png

 

  1. Create the Syslog Server object that represents the Syslog server:

          In the Object Explorer, click New > Server > More > Syslog

          Configure these fields:

              Name - Enter a unique name

              Host - Select an existing host or click New to define a new computer or appliance

              Port - Enter the correct port number on the syslog server (default = 514)

              Version - Select BSD Protocol 

Click OK

Close the Object Explorer.

 

Connect with SmartConsole to the Management Server.

     Select the configured syslog server objects in the Security Gateway / Cluster object.

         1. Double-click the Security Gateway object

         2. From the left tree, click Logs

         3, In the Send logs and alerts to these log servers table, click the green (+) button to select the Syslog Server object(s) you configured earlier

         4. Click OK

         5. Install policy.

 

Configure the logging properties of the Security Gateways / each Cluster Member.

     The fwsyslog_enable kernel parameter enables or disables the Syslog in Kernel feature on Security Gateways:

     Value 0 = Disabled (default)

     Value 1 = Enabled

You can enable or disable the Syslog in Kernel feature temporarily (until the Security Gateway reboots), or permanently (survives reboot).

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us
Provide feedback for the Documentation team!