Modify the log_exporter configuration

This procedure describes how to modify the configuration of the existing log-exporter instance for TLS.

Configuration Prerequisites

• Ensure that the Check Point Log Exporter is installed on your management device.

  Create the log_exporter with the cp_log_export add command, as described in the Check Point Support Center: SecureKnowledge Details > Log Exporter - Check Point Log Export (Solution ID sk122323)

• It is assumed that certificate generation occurs on another machine. Before you configure the log_exporter, transfer the following files to the Check Point machine:

  • ca.pem
  • client.p12

Configuration

1. Run the following:

   cp_log_export set name <exporter-name> domain-server <domain-server> ca-cert <path_to_CA_pem> client-cert <path_to_p12_certificate> client-secret <challenge_phrase_for _p12>

2. Restart the log_exporter instance with the command:

   cp_log_export restart name <exporter-name>

3. Configure the log_id:

   edit <exporter-name>/conf/SyslogFormatDefinition.xml

4. Perform the following change to the existing file:

   From:

   <!-- HOSTNAME-->	
     <header>
       <default_value>-</default_value>
       <assign_order>init</assign_order>
         <callback>
           <name>get_host_name_callback</name>
         </callback>
     </header>

   To:

   <!-- HOSTNAME-->
     <header>
       <default_value><Desired-Log-ID-Name></default_value>
     </header>

   The desired-log-id string must be the same as the Log ID you configure in Tufin:

   

5. Restart the log_exporter instance:

   cp_log_export restart name <exporter-name>