Configuring Check Point for Non-Encrypted Syslogs

SecureChange Requester This topic is intended for TOS Administrators.

Overview

The syslog mechanism is used to pass policy change and traffic information from your devices to SecureTrack. For Check Point devices, you can configure syslogs, non-encrypted over UDP, as described here, or encrypted over TCP.

To configure encrypted syslogs, see Check Point Syslogs over encrypted TCP. For general information about sending syslogs to TOS, see Sending Additional Information using Syslog.

Filtering syslog events

To reduce the syslog volume sent to TOS, use Check Point's log exporter filter. Configure the filter on every Check Point device that sends syslogs to drop irrelevant events before they are exported.

For detailed information and instructions, see Filter configuration in Check Point’s official Log Exporter filter configuration guide.

Configure SecureTrack to retrieve audit/traffic logs

Configure the log exporter on all monitored MDSM CMA, SMC and CLM log server devices.

  1. Add to SecureTrack the first management server and its associated Log Server or CLM.

  2. In the Device Configuration list, select the relevant management server (not the log server).

  3. Click Edit configuration:

  4. Click Next and Next.

  5. In the stage 3 page, select Custom.

  6. Set your Check Point device to communicate with SecureTrack by syslog:

    Select Custom > Syslog Authentication.

    Enter the log ID from the Check Point log exporter.

    Select Protocol UDP.

  7. Click Next, and then Save.