Modify the log_exporter Configuration
This procedure describes how to modify the configuration of the existing log-exporter instance and covers both UDP and TCP.
The TCP option requires encryption. If you are going to use encrypted TCP, start with Configuring Check Point Syslogs Over Encrypted TCP.
The procedure must be performed on your CMA/SMC device. If you have a separate CLM log server, it must be performed on that server as well so that traffic logs are included. Make sure you define the same log ID on both.
-
Create the log_exporter with the cp_log_export add command, as described in the Check Point Support Center: SecureKnowledge Details > Log Exporter - Check Point Log Export (Solution ID sk122323). Enter a protocol of either udp or tcp.
cp_log_export add name <Name> [domain-server {mds | all}] target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol udp/tcp format {syslog}
-
If you are going to use encrypted TCP, specify your certificate details, obtained previously in Configuring Check Point Syslogs Over Encrypted TCP.
-
Edit the log exporter configuration file:
For devices before R81.20, use this command:
-
Verify the creation of the log exporter.
The log exporters are listed.
-
Access the appropriate domain environment.
-
Copy the SyslogFormatDefinition.xml global file and name the new file after the log exporter target name.
cp /opt/CPrt-R81.20/log_exporter/conf/SyslogFormatDefinition.xml /opt/CPmds-R81.20/customers/CMA_R81.20_9.154_Server/CPrt-R81.20/log_exporter/targets/st_32.168_udp/conf
-
Navigate to the new target log exporter file.
-
Modify the targetConfiguration.xml file.
-
In the targetConfiguration.xml file, update the "formatHeaderFile" field under "Format header configuration" to use the path "./conf/SyslogFormatDefinition.xml"
-
Edit the file:
From:
<!-- HOSTNAME-->
<header>
    <default_value>-</default_value>
    <assign_order>init</assign_order>
    <callback>
        <name>get_host_name_callback</name>
    </callback>
</header>
To:
<!-- HOSTNAME-->
<header>
    <default_value><Desired-Log-ID-Name></default_value>
</header>
where <Desired-Log-ID-Name> is a string of your choice. We recommend using sequential strings of numbers to name your log exports.
Example: 10000, 10001, 10002
The log name defined here will be used when adding Check Point devices to SecureTrack.
-
Restart the log_exporter instance:
cp_log_export restart name <exporter-name>
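A read-only check for the HOSTNAME edit above, as an added example that is not part of the original page or of Check Point's tooling: it extracts the log ID from the header that follows the HOSTNAME comment and compares it across the CMA/SMC and CLM copies of the file. The function names and the sample fragments are assumptions constructed from the From/To snippets shown; it inspects only that header, not the rest of the file.

```python
import re
import xml.etree.ElementTree as ET

# The <header> element that directly follows the HOSTNAME comment.
HOSTNAME_HEADER = re.compile(r"<!--\s*HOSTNAME\s*-->\s*(<header>.*?</header>)", re.S)

def hostname_log_id(format_xml):
    """Return (log_id, problems) for the HOSTNAME header in the file text."""
    match = HOSTNAME_HEADER.search(format_xml)
    if match is None:
        return None, ["HOSTNAME header not found"]
    try:
        header = ET.fromstring(match.group(1))
    except ET.ParseError as exc:
        # e.g. the <Desired-Log-ID-Name> placeholder was pasted in literally
        return None, [f"HOSTNAME header is not well-formed XML: {exc}"]
    log_id = (header.findtext("default_value") or "").strip()
    problems = []
    if header.find("callback") is not None:
        problems.append("callback still present (unedited 'From' form)")
    if log_id in ("", "-"):
        problems.append("default_value is not a log ID")
    return log_id, problems

def compare_servers(files):
    """files maps a server label to its SyslogFormatDefinition.xml text."""
    findings, ids = [], {}
    for label, text in files.items():
        log_id, problems = hostname_log_id(text)
        findings += [f"{label}: {p}" for p in problems]
        if not problems:
            ids[label] = log_id
    if len(set(ids.values())) > 1:
        findings.append(f"log ID differs between servers: {ids}")
    return findings

# Constructed fragments: the page's "From" and "To" forms, with log ID 10000.
UNEDITED = """<!-- HOSTNAME--> <header> <default_value>-</default_value>
<assign_order>init</assign_order>
<callback> <name>get_host_name_callback</name> </callback> </header>"""
EDITED = "<!-- HOSTNAME--> <header> <default_value>10000</default_value> </header>"

if __name__ == "__main__":
    for finding in compare_servers({"CMA": EDITED, "CLM": UNEDITED}):
        print(finding)
```

To use it on real files, read each server's copy of SyslogFormatDefinition.xml from the target's conf directory and pass the text in place of the constructed fragments.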