Configuring Check Point Syslogs

For general information about sending syslogs, see Sending Additional Information using Syslog.

To get full accountability details (who made policy changes and when) and to utilize rule and object usage reporting, you must get your Check Point devices to send syslogs to SecureTrack by defining SecureTrack as a syslog server on each device.

By default, Check Point management servers (SmartCenters and Provider-1 CMAs) store the audit logs that track administrative actions locally rather than sending them to the Log Server or CLM, so SecureTrack retrieves these logs from the management server itself. If you configured your management server to send traffic logs to a Log Server or CLM, you must also configure SecureTrack to retrieve logs from there.

You must configure the log exporter on your CMA/SMC device. If you have a CLM log server, configure the log exporter on that as well to include traffic logs.

In R22-2 PGA.0.0, you can receive Check Point syslogs over UDP or non-encrypted TCP only. From R22-2 PHF1.0.0, you can receive Check Point syslogs over UDP or encrypted TCP only.

Syslog traffic must be sent to the SecureTrack cluster that monitors the device, at the Syslog VIP. The Syslog VIP definition also sets the transport protocol (UDP or TCP) and the port that SecureTrack listens on, so the log exporter on the Check Point device must use the same protocol and port.
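What the log exporter configuration comes down to on the Check Point side, as an added example that is not part of this page or of Tufin's documentation: a small POSIX shell helper that prints the `cp_log_export` commands to run in Expert mode on the management server (or on the CLM, for traffic logs). The exporter names, IP address, port, domain name, certificate paths and secret are assumptions; replace them with the Syslog VIP, the port and the transport that the VIP was defined with.

```shell
#!/bin/sh
# Added example (not Tufin's or Check Point's own code). Prints the Check Point
# cp_log_export commands that forward logs to SecureTrack; nothing is executed,
# so it can be reviewed before being pasted into Expert mode on the server.
#
# Placeholders for the encrypted-TCP variant (assumed paths, change them):
CA_CERT=${CA_CERT:-/home/admin/securetrack-ca.pem}
CLIENT_CERT=${CLIENT_CERT:-/home/admin/checkpoint-client.p12}
CLIENT_SECRET=${CLIENT_SECRET:-CHANGE_ME}

# cp_log_export_cmds NAME TARGET_IP TARGET_PORT TRANSPORT [DOMAIN]
#   NAME       name of the exporter object on the Check Point server
#   TARGET_IP  SecureTrack Syslog VIP
#   TARGET_PORT port the Syslog VIP listens on
#   TRANSPORT  udp | tcp | tcp-encrypted (must match the Syslog VIP definition)
#   DOMAIN     Multi-Domain domain (CMA) name; omit on a SmartCenter / CLM
cp_log_export_cmds() {
  name=$1; target=$2; port=$3; transport=$4; domain=${5:-}
  domain_arg=""
  if [ -n "$domain" ]; then
    # On a Multi-Domain Server the exporter is created per domain.
    domain_arg=" domain-server $domain"
  fi
  base="cp_log_export add name $name$domain_arg target-server $target target-port $port format syslog"
  case "$transport" in
    udp)
      printf '%s protocol udp\n' "$base" ;;
    tcp)
      # Plain TCP: supported by the releases that accept non-encrypted TCP.
      printf '%s protocol tcp\n' "$base" ;;
    tcp-encrypted)
      # TLS over TCP: needs the CA that signed SecureTrack's certificate and a
      # client certificate for the Check Point server (mutual authentication).
      printf '%s protocol tcp encrypted true ca-cert %s client-cert %s client-secret %s\n' \
        "$base" "$CA_CERT" "$CLIENT_CERT" "$CLIENT_SECRET" ;;
    *)
      printf 'unsupported transport: %s (use udp, tcp or tcp-encrypted)\n' "$transport" >&2
      return 1 ;;
  esac
  # A new or changed exporter only starts shipping logs after a restart.
  printf 'cp_log_export restart name %s\n' "$name"
}

# Example invocations (assumed VIP 10.0.0.5; run the printed lines on the device):
cp_log_export_cmds securetrack_audit 10.0.0.5 514 udp
cp_log_export_cmds securetrack_traffic 10.0.0.5 6514 tcp-encrypted finance_domain
```

Run the first set of commands on the management server (SmartCenter, or the MDS with the domain name for each CMA) and the second on the CLM if one holds the traffic logs. `cp_log_export show` lists the exporters afterwards and `cp_log_export status name <NAME>` reports whether the exporter is connected. Whether to pick `tcp` or `tcp-encrypted` depends on the SecureTrack release, as noted above; `udp` works with both.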

For more information see Sending Additional Information via Syslog.

The firewalls in the organization must be configured to allow the relevant syslog traffic from the Check Point devices to the SecureTrack Syslog VIP on the protocol and port defined there.