Configuring Logging

Each Endpoint Security client sends logs to the Endpoint Security Server (Endpoint Policy Server or Endpoint Security Management Server) to which the client is connected.

To see all collected logs together in the Logs tab of the SmartConsole Logs & Monitor view, you must configure Log Indexing for each Endpoint Security Server in the SmartConsole.

Do this procedure for each Endpoint Security Server.

To configure Logging from one Endpoint Security Server to a different Endpoint Security Server:

  1. Open SmartConsole and connect to the Endpoint Security Management Server.

  2. Open the Endpoint Security Management Server object.

  3. In the tree of the window that opens, select Logs > Log Server.

  4. Select Enable Log Indexing.

  5. Click OK.

  6. Select Menu > Install Database and install the database on all hosts.

  7. Run cprestart on the Endpoint Security Management Server.