CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 3 of 3

Thread: Cant Add a Logging Server

  1. #1
    Join Date
    2010-02-24
    Posts
    1
    Rep Power
    0

    Default Cant Add a Logging Server

    Hi, I am a contractor and I have inherited a CP Express R60 and an IP300. I have been tasked with getting all network devices pushing their logs to a Snare server. All has gone well with the exception of the firewall.

    I enter the SmartDashboard select the firewall and chose edit>Log and Masters > Log Servers' screen from the left-hand pane. In the Log Server screen, I select the 'Define Log Servers' option, Click 'Add' under the 'Always send logs to' screen, but there are no logging servers listed.

    Asuming the logging server must be my Snare box, my question is "how do I add a logging server so that I can push my logs to my Snare server?"

    Thanks in advance.

  2. #2
    Join Date
    2007-04-10
    Location
    India
    Posts
    232
    Rep Power
    14

    Default Re: Cant Add a Logging Server

    Add a Checkpoint object and check only log server in the below option, it will be your log server and then you can add there.

    simple!!!!!

  3. #3
    Join Date
    2007-06-04
    Posts
    3,314
    Rep Power
    18

    Default Re: Cant Add a Logging Server

    I don't think that you will get the Check Point to send it's logs to a Snare Server, as the Log Server has to be a Check Point Log Server, and the Snare seems to be a Syslog Server.

    There is no module for Check Point on the website so I don't see how the Snare Server would accept the check point logs in there normal format on tcp257.

    In order to send check point logs to a server then you would need to define a new check point node, give the ip of the server, and tick the log server in the Check Point properties. You will also need to establish SIC between the SMARTCenter and the Log Server so you would need to have the Check Point software installed onto the Server.

    The new Log Server would then appear when trying to add a log server to the Gateway Definition.

    You could send the Nokia's IP300 logs to the Snare Server as from what I can tell the Snare will accept Syslogs and you can configure the Nokia to send to a syslog.

    This is done within the Voyager WebUI of the Nokia IP300.

    Under System Configuration, System Logging Configurayion.

    Note that this will be the logging for the Nokia OS, not the Firewall Rules logging.

    Whilst you are at it if they are that concerned about security, you may want to prod them that R60 is out of support. I would hazard a guess that likely to be an IP330 as well which is also end of life on the support front.

    If the interface def is not ethx but eth-sx-px then the IP300 is an IP330 and should be replaced.

    Appreciate you are just a contractor there but would still be best to point out to them.

Similar Threads

  1. Slow Logging to Sec Mgmt Server
    By chuachongchee in forum Management High Availability
    Replies: 1
    Last Post: 2007-11-13, 20:27
  2. Server Hardening / SmartCentre Logging
    By slands10 in forum Security Management Server (Formerly SmartCenter Server ((Formerly Management Server))
    Replies: 2
    Last Post: 2007-10-16, 06:39
  3. Introducing Smartcentre logging server into PR1 NGX
    By tangerine0072000 in forum Provider-1 (Multi-Domain Management)
    Replies: 4
    Last Post: 2007-02-08, 05:30
  4. migrated to new Mgmt server but no logging?
    By tdvit in forum Installing And Upgrading
    Replies: 3
    Last Post: 2006-08-18, 07:22
  5. migrated to new Mgmt server but no logging?
    By tdvit in forum SmartView Tracker
    Replies: 4
    Last Post: 2006-08-14, 11:27

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •