Print Download PDF Send Feedback

Previous

Next

System Logging

Configure the settings for the system logs, including sending them to a remote server. Make sure to configure the remote server to receive the system logs.

Configuring System Logging - Gaia Portal

This section includes procedures for configuring System Logging and Remote System Logging.

System Logging configures if Gaia sends these logs:

Remote System Logging configures a remote syslog server, to which Gaia sends its syslog messages.

Note - There are some command options and parameters, which you cannot configure in the Gaia Portal.

To configure System Logging:

Step

Description

1

In the navigation tree, click System Management > System Logging.

2

In the System Logging section, select the applicable options:

 
  • Send Syslog messages to management server

    Specifies if the Gaia sends the Gaia system logs to a Check Point Management Server.

    Default: Not selected

    Note - This option is configured in the Gaia Clish with the set syslog cplogs {on | off} command.

 
  • Send audit logs to management server upon successful configuration

    Specifies if the Gaia sends the Gaia audit logs (for configuration changes that authorized users make) to a Check Point Management Server.

    Default: Selected

    Note - This option is configured in the Gaia Clish with the set syslog mgmtauditlogs {on | off} command.

 
  • Send audit logs to syslog upon successful configuration

    Specifies if the Gaia saves the logs for configuration changes that authorized users make.

    Default: Selected

    To specify a desired Gaia configuration audit log file, run the set syslog filename </Path/File> command (otherwise, Gaia uses the default /var/log/messages file).

    Note - This option is configured in the Gaia Clish with the set syslog auditlog {disable | permanent} command.

3

Click Apply.

To configure Remote System Logging:

Step

Description

1

In the navigation tree, click System Management > System Logging.

2

In the Remote System Logging section, click Add.

3

In the IP Address field, enter the IPv4 address of the remote syslog server.

4

In the Priority field, select the severity level of the logs that are sent to the remote server.

These are the accepted values (as defined by the RFC 5424 - Section-6.2.1):

  • All - All messages
  • Debug - Debug-level messages
  • Info - Informational messages
  • Notice - Normal but significant condition
  • Warning - Warning conditions
  • Error - Error conditions
  • Critical - Critical conditions
  • Alert - Action must be taken immediately
  • Emergency - System is unusable

5

Click OK.

Important - Do not to configure two Gaia computers to send system logs to each other - directly, or indirectly. Such configuration creates a syslog forwarding loop, which causes all syslog message to repeat indefinitely on both Gaia computer.

To edit Remote System Logging settings:

Step

Description

1

In the navigation tree, click System Management > System Logging.

2

In the Remote System Logging section, select the remote server.

3

Click Edit.

4

In the IP Address field, enter the IPv4 address of the remote syslog server.

5

In the Priority field, select the severity level of the logs that are sent to the remote server.

6

Click OK.

To delete Remote System Logging settings:

Step

Description

1

In the navigation tree, click System Management > System Logging.

2

In the Remote System Logging section, select the remote syslog server.

3

Click Delete.

4

In the confirmation window, click Yes.

Configuring System Logging - Gaia Clish

Description

Configure the System Logging and Remote System Logging.

System Logging configures if Gaia sends these logs:

Remote System Logging configures a remote server, to which Gaia sends its syslog messages.

Note - There are some command options and parameters, which you cannot configure in the Gaia Portal.

Syntax for System Logging configuration

Important - After you add, configure, or delete features, run the save config command to save the settings permanently.

Syntax for Remote System Logging configuration

Important - After you add, configure, or delete features, run the save config command to save the settings permanently.

Parameters

Parameter

Description

cplogs {on | off}

Specifies if the Gaia sends the Gaia system logs to a Check Point Management Server:

  • on - Send Gaia system syslogs
  • off - Do not send Gaia syslogs

Default: off

Note - This command corresponds to the Send Syslog messages to management server option in the Gaia Portal > System Management > System Logging.

mgmtauditlogs {on | off}

Specifies if the Gaia sends the Gaia audit logs (for configuration changes that authorized users make) to a Check Point Management Server:

  • on - Send Gaia audit logs
  • off - Do not send Gaia audit logs

Default: on

Note - This command corresponds to the Send audit logs to management server upon successful configuration option in the Gaia Portal > System Management > System Logging.

auditlog {disable | permanent}

Specifies if the Gaia saves the logs for configuration changes that authorized users make:

  • disable - Disables the Gaia audit log facility
  • permanent - Enables the Gaia audit log facility to save information about all successful changes in the Gaia configuration. To specify a desired destination file, run the set syslog filename </Path/File> command (otherwise, Gaia uses the default /var/log/messages file).

Default: permanent

Note - This command corresponds to the Send audit logs to syslog upon successful configuration option in the Gaia Portal > System Management > System Logging.

</Path/File>

Configures the full path and file name of the system log.

Default: /var/log/messages

Note - Gaia Portal does not let you configure this setting.

log-remote-address

Configures Gaia to send system logs to a remote syslog server.

Important - Do not configure two Gaia computers to send system logs to each other - directly, or indirectly. Such configuration creates a syslog forwarding loop, which causes all syslog messages to repeat indefinitely on both Gaia computers.

Note - This command corresponds to the Gaia Portal > System Management > Remote System Logging.

<IPv4 Address>

IPv4 address of the remote syslog server, to which Gaia sends its system logs.

  • Range: Dotted-quad ([0-255].[0-255].[0-255].[0-255])
  • Default: No default value

<Severity>

Syslog severity level for the system logging.

These are the accepted values (as defined by the RFC 5424 - Section-6.2.1):

  • emerg - System is unusable
  • alert - Action must be taken immediately
  • crit - Critical conditions
  • err - Error conditions
  • warning - Warning conditions
  • notice - Normal but significant condition
  • info - Informational messages
  • debug - Debug-level messages
  • all - All messages

Notes:

  • Until you configure at least one severity level for a given remote server, Gaia does not send syslog messages.
  • If you specify multiple severities, the most general least severe severity always takes precedence.

Example

gaia> set syslog auditlog permanent

 

gaia> set syslog filename /var/log/system_logs.txt

 

gaia> set syslog mgmtauditlogs on

 

gaia> set syslog cplogs on

 

gaia> set syslog log-remote-address 192.168.2.1 level all

 

gaia> show syslog all

Syslog Parameters:

Remote Address 192.168.2.1

Levels all

Auditlog permanent

Destination Log Filename /var/log/system_logs.txt

gaia>

 

gaia>show syslog auditlog

permanent

gaia>

 

gaia> show syslog cplogs

Sending syslog syslogs to Check Point's logs is enabled

gaia>

 

gaia> show syslog mgmtauditlogs

Sending audit logs to Management Serever is enabled

gaia>

 

gaia> show syslog filename

/var/log/system_logs.txt

gaia>

Configuring Log Volume - Expert Mode

On condition that there is enough available disk space, you can enlarge the log partition.

Use the lvm_manager tool from Expert mode:

Step

Description

1

Connect to the Gaia system over console.

2

Reboot the Gaia system.

3

During boot, press any key to enter the Boot menu.

Note - You have approximately 5 seconds.

4

Select Start in maintenance mode.

5

Enter the Expert mode password.

6

Use the interactive lvm_manager tool as described in the sk95566:

[Expert@HostName:0]# lvm_manager

Note - Disk space is added to the log volume by subtracting it from the disk space used to store backup images.

Redirecting RouteD System Logging Messages

By default, Gaia writes the RouteD syslog messages (for example, OSPF or BGP errors) to the /var/log/messages file. You can configure Gaia to write the RouteD syslog messages to the /var/log/routed_messages file instead.

To configure the redirection in the Gaia Portal:

Step

Description

1

In the navigation tree, click Advanced Routing > Routing Options.

2

In the Routing Process Message Logging Options section, select Log Routed Separately.

3

In the Maximum File Size field, enter the size (in megabytes) for each log file.

The default is 1 MB.

4

In the Maximum Number of Files field, enter the maximal number of log files to keep. The default is 10 log files (/var/log/routed_messages, /var/log/routed_messages.0, /var/log/routed_messages.1, ..., /var/log/routed_messages.9).

5

Click Apply.

To configure the redirection in the Gaia Clish

Step

Description

1

Connect to the command line on Gaia.

2

Log in to Gaia Clish.

3

Run these commands:

HostName> set routedsyslog on

 

HostName> set routedsyslog size <Number of MB between 1 and 2047>

 

HostName> set routedsyslog maxnum <Number of Files between 1 and 4294967295>

 

HostName> save config

For more information, see sk116436.

24 March 2019 © 2019 Check Point Software Technologies Ltd. All rights reserved.