Redirecting Alerts and Logs to External syslog server (asg_syslog)

Description

Use the asg_syslog command to redirect alert messages and firewall logs to remote syslog servers.

This command allows configuring the following:

  • Remote syslog servers either by IPv4 address or by hostname to log all alert messages.
  • Remote syslog servers to log FW logs.
  • Disable/Enable firewall logs to be sent to the Log Server. (Log Server is configured from SmartDashboard: Right-click gateway object > Edit > Logs and Masters > Log Servers)
  • Verify configuration consistency on all SGMs.
  • Recover configuration on all SGMs by forcing current SGM configuration on all SGMs.

asg_syslog is available only from the Expert shell.

Syntax:

asg_syslog <verify|print [ -v ]|recover>

Parameter       Description
<verify>        Verify configuration consistency on all SGMs
<print> [-v]    Print remote syslog servers configuration
<recover>       Recover configuration files on all SGMs and restart syslog service

Example 1

asg_syslog verify

Output 
------------------------------------------------------------------
|Service       |Path                                    |Result  |
------------------------------------------------------------------
|CPLog         |/etc/syslog_servers_list.conf           |Passed  |
------------------------------------------------------------------
|Alert         |/etc/syslog.conf                        |Passed  |
------------------------------------------------------------------

Notes

Configuration files on all SGMs are identical

Example 2

asg_syslog print

Output

         ----------------------------------------
         |Service       |Server IP     |Status  |
         ----------------------------------------
         |alert         |5.5.5.5       |disable |
         ----------------------------------------
         |alert         |6.6.6.6       |enable  |
         ----------------------------------------
         * Firewall logging is disabled

Syntax

Configure remote syslog servers for alerts:

Usage

 asg_syslog <disable|enable|set|delete> alert <IP address|hostname>

Configure remote syslog server for firewall logs:

Usage

 asg_syslog <disable|enable|set[-s <status>]|delete> cplog <IP address>

Note: When alert syslog servers are configured, the syslog service is restarted on all SGMs.

Parameter                   Description
<set>                       Set remote syslog server.
-s <status>                 Set connection with status <enable> or <disable>.
<disable>                   Disable sending firewall logs / alerts to a remote syslog server defined by IP address or hostname.
                            Note: The disable operation does not remove the configuration. You can enable it again using the ‘enable’ parameter.
<enable>                    Enable sending firewall logs / alerts to a remote syslog server defined by IP address or hostname.
                            This parameter can be used after the remote server has been configured (see the ‘set’ parameter).
<delete>                    Delete remote syslog server.
<ip address | host name>    IPv4 address or hostname of the remote syslog server. A hostname can be used only when it can be resolved, either via DNS or by static configuration.

Examples:

# asg_syslog set alert 5.5.5.5
Writing new configuration
Updating all SGMs with new configuration
Restarting syslog service on all SGMs
syslog alert server 5.5.5.5 configured successfully
----------------------------------------
|Service       |Server IP     |Status  |
----------------------------------------
|alert         |5.5.5.5       |enable  |
----------------------------------------
Firewall logging is disabled

# asg_syslog disable alert 5.5.5.5
Updating all SGMs with new configuration
Restarting syslog service on all SGMs
syslog alert server 5.5.5.5 status changed to disable

----------------------------------------
|Service       |Server IP     |Status  |
----------------------------------------
|alert         |5.5.5.5       |disable |
----------------------------------------
* Firewall logging is disabled

# asg_syslog set cplog 6.6.6.6 -s disable
Writing new configuration
Updating all SGMs with new configuration
syslog cplog server 6.6.6.6 configured successfully

----------------------------------------
|Service       |Server IP     |Status  |
----------------------------------------
|alert         |5.5.5.5       |disable |
----------------------------------------
|cplog         |6.6.6.6       |disable |
----------------------------------------
* Firewall logging is disabled

Syntax:

To disable or enable sending firewall logs to the firewall log server (i.e. SmartView Tracker):

asg_syslog < disable | enable > log_server

Parameter    Description
<disable>    Disable sending firewall logs to the log server.
             (The log server is configured in SmartDashboard.)
<enable>     Enable sending firewall logs to the log server.
             (The log server is configured in SmartDashboard.)

Example:

# asg_syslog disable log_server

# asg_syslog print -v         

--------------------------------------------------------------------------------
|Service       |Server IP     |Port          |Protocol#     |RFC version   |Status  |
--------------------------------------------------------------------------------
* Firewall logging is disabled
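
A way to check that log forwarding is actually active, based on the `asg_syslog print` and `asg_syslog verify` tables shown above. This is an added example, not part of the Check Point documentation. The function names, the finding labels, the "Failed" sample value and the policy that each service needs one enabled remote server are assumptions.

```shell
#!/bin/sh
# Added example: audit captured asg_syslog output for logging gaps.
# Row layout follows the print/verify examples on this page; the finding
# labels (DISABLED, NO_ACTIVE_..., INCONSISTENT) are invented for this sketch.

# stdin: output of "asg_syslog print" or "asg_syslog print -v"
audit_print() {
    awk -F'|' '
        NF >= 4 && $2 !~ /Service/ {          # data row, not header or border
            svc = $2; ip = $3; st = $(NF-1)   # Status is the last column
            gsub(/[ \t]/, "", svc); gsub(/[ \t]/, "", ip); gsub(/[ \t]/, "", st)
            if (st == "enable") active[svc]++
            else print "DISABLED " svc " " ip
        }
        /Firewall logging is disabled/ { print "FW_LOGGING_DISABLED" }
        END {   # assumed policy: each service needs one enabled remote server
            if (!active["alert"]) print "NO_ACTIVE_ALERT_SERVER"
            if (!active["cplog"]) print "NO_ACTIVE_CPLOG_SERVER"
        }'
}

# stdin: output of "asg_syslog verify"; any Result other than Passed is flagged
audit_verify() {
    awk -F'|' '
        NF >= 4 && $2 !~ /Service/ {
            svc = $2; path = $3; res = $4
            gsub(/[ \t]/, "", svc); gsub(/[ \t]/, "", path); gsub(/[ \t]/, "", res)
            if (res != "Passed") print "INCONSISTENT " svc " " path
        }'
}

# Constructed sample: the Example 2 table from this page.
SAMPLE_PRINT='|Service       |Server IP     |Status  |
|alert         |5.5.5.5       |disable |
|alert         |6.6.6.6       |enable  |
* Firewall logging is disabled'

# Constructed sample: "Failed" is a placeholder, the page shows only Passed.
SAMPLE_VERIFY='|Service       |Path                          |Result  |
|CPLog         |/etc/syslog_servers_list.conf |Passed  |
|Alert         |/etc/syslog.conf              |Failed  |'

printf '%s\n' "$SAMPLE_PRINT"  | audit_print
printf '%s\n' "$SAMPLE_VERIFY" | audit_verify
# On a gateway (Expert shell): asg_syslog print | audit_print
```

An empty result from both functions means every configured server is enabled and the configuration files match across SGMs; any output line is worth an alert in whatever monitoring runs the check.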
 
©2014 Check Point Software Technologies Ltd. All rights reserved.