CME Monitoring
CME is integrated with Check Point logs to improve logging and monitoring.
Prerequisites
- CME Take 178 or higher installed on the Security Management or Multi-Domain Security Management Server. Run this command in Expert mode to verify the Take:
  autoprov_cfg -v
- CME Take 51 or higher installed on the Security Management or Multi-Domain Security Management Server. Run this command in Expert mode to verify the Take:
  autoupdatercli show | grep -A 6 Infra_AutoUpdate
To monitor CME logs, use one of these options:
- Filter the logs in SmartConsole with this query syntax:
  blade:"CME"
- Configure Log Exporter to export all logs that belong to the CME Blade.
  See the Logging and Monitoring R81.10 Administration Guide > Log Exporter > Configuring Log Exporter in CLI > Log Exporter Advanced Configuration in CLI for more information.
  For example, to export CME logs to a Splunk log server, run in Expert mode:
  cp_log_export add name <exporter name> target-server <log server IP> target-port <log server port> protocol tcp format splunk filter-blade-in CME

Note - In a Multi-Domain Security Management environment, logs are displayed with respect to the environment, which means the domain’s logs are displayed in the domain’s console.
Log description:
Category | Description |
---|---|
General events | CME general information such as service start/stop and configuration changes (MDS global level only). |
Autoscale-Group related events | Cloud account information such as scale-in/out success or failure. |
Autoprovision process events | Provisioning |