Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

Configuring a Dedicated Logging Port

Description The 61000/41000 Security System logging mechanism lets each SGM forward logs directly to a logging server over the SSM's management ports. However, management ports can experience a high load when a large number of logs are forwarded. Load on the SSM management ports can be significantly reduced by:

  • Setting up a dedicated SSM port for logging
  • Assigning the dedicated logging port to each SGM

To set up a dedicated logging port:

  1. Install a log server and create an object for it in SmartDashboard.
  2. Connect the log server directly to a management port on the SSM.

    Important - Do not use the same port which connects to the Security Management server.

  3. In gclish, run the set interface command to configure the port as a dedicated logging port:

Syntax

set interface <interface> ipv4-address <IP> mask-length <length>

 

Parameter

Description

interface

The interface that connects directly to the log server.

ipv4-address

IPv4 address of the logging server

mask-length <length>

mask length

 

Example

set interface eth1-Mgmt2 ipv4-address 2.2.2.10 mask-length 24

Output

Notes

  • For each SGM, eth1-Mgmt2 is set as a unique logging port
  • 2.2.2.0/24 is the logging server network or leads to the logs server network.

Connecting to the logging server:

  1. Open SmartDashboard.
  2. Open the Single Management Object (SMO ) for the 61000/41000 Security System.
  3. On the Logs and Masters > Log Servers page, select Define Log Servers.
  4. Select the dedicated log server.
  5. Install policy.

Note -

  • The SMO in SmartDashboard makes sure that return traffic from the logging server, such as ACKS, reaches the correct SGM.
  • 61000/41000 Security System can be configured to send logs to more than one log server.
 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print