Monitoring Check Point CLM/Log Server Devices

Overview

Configure monitoring of Check Point servers in this order:

  1. Provider-1 MDS

  2. SmartCenter servers and Provider-1 CMAs

  3. Log Servers and CLMs

CLM and log server configuration is only needed when selecting LEA Authentication. If you are using syslogs, see Configuring Check Point Syslogs.

Prerequisites

To allow the SecureChange Designer tool to provision changes to Check Point devices, the API user must have a Read/Write All permission profile or a customized profile with API and change permissions for all policies and objects.

Add a Device

  1. Select Check Point > CLM/Log Server.

  2. Configure the device settings:

    Depending on the Check Point server type, some or all of the following options will appear:

    • Device Type: Check Point CLM/Log Server
    • Name for Display
    • Domain: Available only if you have configured your system for managing multi-domains and All Domains is currently selected. Select the domain to which to add the device. The Domain can only be entered when adding a device; to change the Domain, you must migrate the device.

    • Associated Management: The SmartCenter sending logs to the Log Server, or the CMA sending the logs to the CLM.
    • Get revisions from: One of the following:
      • IP Address: Revisions are retrieved automatically
      • Offline File: (If available) Revisions are manually uploaded to SecureTrack for Offline Analysis
        This option is not available for Check Point CLM/Log Server devices.
    • ST server: In a distributed deployment, select which TOS cluster monitors this device

  3. Click Next.

  4. Configure the OPSEC communication settings:  
    • Default
    • Custom - Configure the LEA Authentication fields:
      • Authentication Mode - Some options require you to enter an SL or FWN1 Secret Key in the Authentication Keys section and Establish Authentication Key.
      • Port

  5. Click Next.

  6. You can test the communication with the Check Point server by clicking Test Connectivity.

  7. Click Save.

    The Check Point device is shown in the Device Configuration list.

    If you use non-standard LEA authentication, see Non-Standard LEA Authentication.

  8. If you have a secondary Check Point management server, configure SecureTrack to communicate with the secondary server in the event of a failover.

Configure a Monitored Device

After you add a device, further configuration options are available.

Options vary depending on your environment.

  • Edit configuration: Use the wizard to modify selected device settings. See Add a Device in this topic.

  • Delete this device: Type yes to confirm that you want to delete the device.

  • Test Connectivity: Confirms connectivity between SecureTrack and the device.

How Do I Get Here?

SecureTrack > Monitoring > Manage Devices