Connecting R80.30 SmartEvent to R77.xx Multi-Domain Server

You can connect R80.30 SmartEvent components to one or more Domains in an R77.xx Multi-Domain Security Management environment.

This procedure explains how to configure a dedicated server for these components:

Configure SmartEvent to read logs from one domain or a number of domains.

To connect R80.30 SmartEvent Server and SmartEvent Correlation Unit to an R77.xx Multi-Domain Server:

  1. Open an SSH connection to the Correlation Unit server.
  2. Run this script: $RTDIR/scripts/SmartEvent_R80_change_dbsync_mode.sh
  3. Wait until the script finishes running. It is done when cpstart has completed and the shell prompt returns.
  4. Open R77.xx SmartDomain Manager.
  5. Log in to the Global Domain:
  6. Create a Check Point Host object for the dedicated server for SmartEvent Server R80.30. Define it with the highest version possible, and ignore the Warning message.
  7. In Check Point Host > Management, select these Management Blades:
    • Logging & Status
    • SmartEvent Server
    • SmartEvent Correlation Unit
  8. Initialize SIC between the Multi-Domain Server and the new server for SmartEvent R80.30.
  9. In the Logs page, click Enable Log Indexing.
  10. Click OK.
  11. Click Publish.
  12. Reassign the global Policy for the Domains that use SmartEvent. For new Domains, create a new global assignment.
  13. In each Domain Management Server, open SmartDashboard.
  14. On each Domain Management Server and Domain Log Server, click Menu > Policy > Install Database.
  15. Wait until the server synchronizes and loads SmartEvent.
  16. Click Save.
  17. Install the Event Policy on the Correlation Unit: SmartEvent menu > Actions > Install Event Policy.

See also Advanced Configuration for a dedicated SmartEvent Server that is also a Correlation Unit.

Note - For R77.30 Gateways and lower: activate the firewall session for the network activity report.