CheckPoint Integration ( Syslog )

SSH to the remote Syslog server and type in the following commands, with "logsignip" being the IP address of the remote Logsign system.

1. # echo "local0.info @logsignip" >> /etc/syslog.conf
2. # service syslog restart
3. # cpstop
4. # cpstart
5. # fw log -ftnl | logger -p local0.info -t Firewall &
6. # echo "fw log -ftnl | logger -p local0.info -t Firewall &" >> /etc/init.d/cpboot

Logsign Configuration :

1. Go to "Settings" → "Device List" then click on "Add new source" :

2. Select "SYSLOG" as source type :

3. Select "CheckPoint" :

4. Select "Syslog" :

5. Provide the following information :

  • IP : The IP address of the remote Syslog server.

  • Description : "Checkpoint XYZ", XYZ being a meaningful name about the remote system.

  • Tag : "Checkpoint"

Have more questions? Submit a request

Comments