Installing a Dedicated Log Server or SmartEvent Server

Workflow:

Install the Log Server or SmartEvent Server.
Configure the Log Server or SmartEvent Server object in SmartConsole.

Step 1 of 2: Install the Log Server or SmartEvent Server

Note - You can install a dedicated SmartEvent Server and a dedicated SmartEvent Correlation Unit.

Step	Description
1	Install the Gaia Operating System: Installing the Gaia Operating System on a Check Point Appliance Installing the Gaia Operating System on an Open Server
2	Run the Gaia First Time Configuration Wizard.
3	During the First Time Configuration Wizard, you must configure these settings: In the Installation Type window, select Security Gateway and/or Security Management. In the Products window: In the Products section, select Security Management only. In the Clustering section, in the Define Security Management as field, select Log Server / SmartEvent only. In the Security Management Administrator window, select one of these options: Use Gaia administrator Define a new administrator and configure it In the Security Management GUI Clients window, configure the applicable allowed computers: Any IP Address - Allows all computers to connect. This machine - Allows only the single specified computer to connect. Network - Allows all computers on the specified network to connect. Range of IPv4 addresses - Allows all computers in the specified range to connect. In the Secure Internal Communication window, enter the desired Activation Key (between 4 and 127 characters long).

Step

Description

Install the Gaia Operating System:

Run the Gaia First Time Configuration Wizard.

During the First Time Configuration Wizard, you must configure these settings:

In the Installation Type window, select Security Gateway and/or Security Management.
In the Products window:
1. In the Products section, select Security Management only.
2. In the Clustering section, in the Define Security Management as field, select Log Server / SmartEvent only.
In the Security Management Administrator window, select one of these options:
- Use Gaia administrator
- Define a new administrator and configure it
In the Security Management GUI Clients window, configure the applicable allowed computers:
- Any IP Address - Allows all computers to connect.
- This machine - Allows only the single specified computer to connect.
- Network - Allows all computers on the specified network to connect.
- Range of IPv4 addresses - Allows all computers in the specified range to connect.
In the Secure Internal Communication window, enter the desired Activation Key (between 4 and 127 characters long).

Step 2 of 2: Perform initial configuration in SmartConsole

Step	Description
1	Connect with SmartConsole to the Security Management Server that works with this Log Server or SmartEvent Server.
2	From the left navigation panel, click Gateways & Servers.
3	Create a new Check Point Host object that represents the dedicated Log Server or SmartEvent Server in one of these ways: From the top toolbar, click the New () > More > Check Point Host. In the top left corner, click Objects menu > More object types > Network Object > Gateways & Servers > New Check Point Host. In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > Check Point Host.
4	Click the General Properties page.
5	In the Name field, enter the desired name.
6	In the IPv4 Address and IPv6 Address fields, enter the applicable IP addresses.
7	In the Platform section: In the Hardware field, select the applicable option In the Version field, select R80.20 In the OS field, select Gaia
8	On the Management tab, select the applicable Software Blades: For the Log Server, select: Logging & Status Identity Logging, if you work with Identity Awareness Software Blade For the SmartEvent Server, select: SmartEvent Server SmartEvent Correlation Unit Note - You can install a dedicated SmartEvent Server and a dedicated SmartEvent Correlation Unit.
9	Establish the Secure Internal Communication (SIC) between the Management Server and this dedicated Log Server or SmartEvent Server: In the Secure Internal Communication field, click Communication. Enter the same Activation Key you entered during the First Time Configuration Wizard of the dedicated Log Server or SmartEvent Server. Click Initialize. The Trust state field must show Established. Click Close.
10	In the left tree, configure the desired settings.
11	Click OK.
12	In the SmartConsole top left corner, click Menu > Install database.
13	Select all objects.
14	Click Install.
15	Click OK.

Disk space for logs and indexes:

The Log Server or SmartEvent Server with Log Indexing enabled, creates and uses index files for fast access to log file content. Index files are located by default at $RTDIR/log_indexes/.

To make sure that there is always sufficient disk space on the Log Server or SmartEvent Server, the server that stores the log index deletes the oldest index entries when the available disk space is less than a specified minimum. The default minimum value is 5000 MB, or 15% of the available disk space.

To configure the desired minimum disk space:

Step	Description
1	Connect with SmartConsole to the applicable Management Server that manages the dedicated Log Server or SmartEvent Server.
2	Edit the object of the dedicated Log Server or SmartEvent Server.
3	Click Logs > Storage.
4	Select When disk space is below <number> Mbytes, start deleting old files.
5	Enter the desired disk space value.
6	Click OK.

Note - In a Multi-Domain Security Management environment, the Multi-Domain Server controls the disk space for logs and indexes. The configured disk space applies to all Domain Management Servers. Configure the desired disk space in the Multi-Domain Server object.

For more information, see the: