Configuring Check Point Syslogs

What is Syslog for Check Point devices?

The syslog mechanism is used to pass policy change and traffic information from Check Point devices to SecureTrack. See Syslog VIP.

Why Do I Want to Use Syslog for My Check Point Devices?

For Check Point devices, syslog provides an alternative to LEA logging for log collection.

Prerequisites

  • Your company must have an existing root CA and passphrase.

  • Before you start:

Compatibility issues

This setup is for Check Point R77 and R80 devices.

How do I set up syslog for Check Point?

To set up syslog log collection for Check Point devices, complete the following steps:

  1. Create a Server Certificate for NGINX on the Tufin server.
  2. Configure NGINX for mutual TLS authentication.
  3. Create a client certificate for log_exporter on the Check Point server.
  4. Modify the log_exporter configuration.
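
The certificate side of steps 1 and 3, as an added example (not Tufin's or Check Point's own procedure): it issues a server certificate and a client certificate from one root CA and confirms that each is accepted only for its own role, which is what mutual TLS depends on. It assumes the `openssl` CLI; the throwaway CA, host names and file names are constructed for the demo and stand in for your existing root CA.

```shell
#!/bin/sh
# Added example. The CA created here is a constructed stand-in for the
# company's existing root CA; a real CA key is passphrase-protected, so
# openssl would prompt for the passphrase when signing.
set -eu

new_demo_ca() {  # new_demo_ca <dir>
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {  # issue_cert <dir> <name> <common-name> <serverAuth|clientAuth>
    d=$1 name=$2 cn=$3 eku=$4
    # Private key and signing request for the endpoint
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    # Extensions: leaf certificate, restricted to a single TLS role
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=%s\nsubjectAltName=DNS:%s\n' \
        "$eku" "$cn" > "$d/$name.ext"
    # Sign the request with the root CA
    openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -sha256 -extfile "$d/$name.ext" \
        -out "$d/$name.crt" 2>/dev/null
}

check_cert() {  # check_cert <dir> <name> <sslserver|sslclient>
    # Succeeds only if the chain builds to the CA and the role is permitted
    openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2.crt" 2>&1 \
        | grep -q ': OK$'
}

PKI=$(mktemp -d)
new_demo_ca "$PKI"
# Hypothetical host names for the Tufin (NGINX) and Check Point (log_exporter) sides
issue_cert "$PKI" server tufin.example.test serverAuth
issue_cert "$PKI" client log-exporter.example.test clientAuth

check_cert "$PKI" server sslserver && echo "server cert valid for NGINX"
check_cert "$PKI" client sslclient && echo "client cert valid for log_exporter"
check_cert "$PKI" client sslserver || echo "client cert rejected as a server cert"
```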