Configuring Check Point Syslogs

What is Syslog for Check Point devices?

The syslog mechanism is used to pass policy change and traffic information from Check Point devices to SecureTrack. See Syslog VIP.

Why Do I Want to Use Syslog for My Check Point Devices?

For Check Point devices, this process lets users set up and use an alternative syslog mechanism for log collection instead of LEA logging.

Prerequisites

• Your company must have an existing root CA and passphrase.

• Before you start:

  • Verify that the machine that sends the logs and the Tufin server that monitors the management device are able to communicate on TCP port 6514.

  • Ensure that the Check Point Log Exporter is installed on your management device.

    Create the log_exporter with the cp_log_export add command, as described in the Check Point Support Center: SecureKnowledge Details > Log Exporter - Check Point Log Export (Solution ID sk122323)

Compatibility issues

This setup is for Check Point R77 and R80 devices.

How do I set up syslog for Check Point?

The following process is required to set up a syslog mechanism for log collection for Check Point devices:

1. Create a Server Certificate for NGINX on the Tufin server.
2. Configure NGINX for mutual TLS authentication.
3. Create a client certificate for log_exporter on the Check Point server.
4. Modify the log_exporter configuration.