Modify the log_exporter configuration

This procedure describes how to modify the configuration of the existing log-exporter instance for TLS.

Configuration Prerequisites

  • Ensure that the Check Point Log Exporter is installed on your management device.

    Create the log_exporter with the cp_log_export add command, as described in the Check Point Support Center: SecureKnowledge Details > Log Exporter - Check Point Log Export (Solution ID sk122323)

  • It is assumed that certificate generation occurs on another machine. Before you configure the log_exporter, transfer the following files to the Check Point machine:

    • ca.pem
    • client.p12

Configuration

  1. Run the following:

    cp_log_export set name <exporter-name> domain-server <domain-server> ca-cert <path_to_CA_pem> client-cert <path_to_p12_certificate> client-secret <challenge_phrase_for _p12>

  2. Restart the log_exporter instance with the command:

    cp_log_export restart name <exporter-name>

  3. Configure the log_id:

    edit <exporter-name>/conf/SyslogFormatDefinition.xml

  4. Perform the following change to the existing file:

    From:

    <!-- HOSTNAME-->	
      <header>
        <default_value>-</default_value>
        <assign_order>init</assign_order>
          <callback>
            <name>get_host_name_callback</name>
          </callback>
      </header>

    To:

    <!-- HOSTNAME-->
      <header>
        <default_value><Desired-Log-ID-Name></default_value>
      </header>

    The desired-log-id string must be the same as the Log ID you configure in Tufin:

  5. Restart the log_exporter instance:

    cp_log_export restart name <exporter-name>