--apply-now
|
Applies immediately any change that was done with the "add ", "set ", "delete ", or "reexport " command.
|
Optional
|
Optional
|
Mandatory
|
N / A
|
N / A
|
Mandatory
|
ca-cert <Path>
|
Specifies the full path to the CA certificate file *.pem .
|
Important - Applicable only when the value of the "encrypted " argument is "true ".
|
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
client-cert <Path>
|
Specifies the full path to the client certificate *.p12 .
|
Important - Applicable only when the value of the "encrypted " argument is "true ".
|
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
client-secret <Phrase>
|
Specifies the challenge phrase used to create the client certificate *.p12 .
|
Important - Applicable only when the value of the "encrypted " argument is "true ".
|
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
domain-server {mds | all}
|
On a , specifies the applicable Domain context.
On a , specifies the applicable Domain context.
|
Important:
|
|
Mandatory
|
Mandatory
|
Mandatory
|
N / A
|
Optional
|
Mandatory
|
enabled {true | false}
|
Specifies whether to allow the Log Exporter to start when you run the "cpstart " or "mdsstart " command.
Default: true
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
encrypted {true | false}
|
Specifies whether to use TSL (SSL) encryption to send the logs.
Default: false
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
end-position <Position>
|
Specifies the end position, up to which to export the logs.
|
N / A
|
N / A
|
N / A
|
N / A
|
N / A
|
Optional
|
export-attachment-ids {true | false}
|
Specifies whether to add a field to the exported logs that represents the ID of log's attachment (if exists).
Default: false
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
export-attachment-link {true | false}
|
Specifies whether to add a field to the exported logs that represents a link to SmartView that shows the log card and automatically opens the attachment.
Default: false
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
export-link {true | false}
|
Specifies whether to add a field to the exported logs that represents a link to SmartView that shows the log card.
Default: false
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
export-link-ip {true | false}
|
Specifies whether to make the links to SmartView use a custom IP address (for example, for a Log Server behind NAT).
|
Important - Applicable only when the value of the "export-link " argument is "true ", or the value of the "export-attachment-link " argument is "true ".
|
Default: false
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
export-log-position {true | false}
|
Specifies whether to export the log's position.
Default: false
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
filter-action-in {"Action1","Action2",... | false}
|
Specifies whether to export all logs that contain a specific value in the "" field.
Each value must be surrounded by double quotes ("").
Multiple values are supported and must be separated by a comma without spaces.
To see all valid values:
-
In , go to the view and open the tab.
-
In the top query field, enter and a letter.
Examples of values:
|
Important - This parameter replaces any other filter configuration that was declared earlier on this field directly in the filtering XML file. Other field filters are not overwritten.
|
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
filter-blade-in {"Blade1","Blade2",... | false}
|
Specifies whether to export all logs that contain a specific value in the "" field (the object name of the that generated these logs).
Each value must be surrounded by double quotes ("").
Multiple values are supported and must be separated by a comma without spaces.
To see all valid values:
-
In SmartConsole, go to the view and open the tab.
-
In the top query field, enter and a letter.
Examples of values:
Valid Software Blade families:
|
Important - This parameter replaces any other filter configuration that was declared earlier on this field directly in the filtering XML file. Other field filters are not overwritten.
|
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
filter-origin-in {"Origin1","Origin2",... | false}
|
Specifies whether to export all logs that contain a specific value in the "" field (the object name of the / that generated these logs).
Each origin value must be surrounded by double quotes ("").
Multiple values are supported and must be separated by a comma without spaces.
|
Important - This parameter replaces any other filter configuration that was declared earlier on this field directly in the filtering XML file. Other field filters are not overwritten.
|
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
format {generic | cef | json | leef | logrhythm | rsa | splunk | syslog}
|
Specifies the format, in which the logs are exported.
Default: syslog
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
name "<Name>"
|
Specifies the unique name of the Log Exporter configuration.
|
Notes:
-
Allowed characters are: Latin letters, digits ("0-9 "), minus ("- "), underscore ("_ "), and period (". ").
-
Must start with a letter.
-
The minimum length is two characters.
-
The "add " command creates a new target directory with the specified unique name in the $EXPORTERDIR/targets/ directory.
|
|
Mandatory
|
Mandatory
|
Mandatory
|
Optional.
By default, applies to all.
|
Optional.
By default, applies to all.
|
Mandatory
|
protocol {tcp | udp}
|
Specifies the Layer 4 Transport protocol to use (TCP or UDP).
There is no default value.
|
Mandatory
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
read-mode {raw | semi-unified}
|
Specifies the mode, in which to read the log files.
-
raw - Specifies to export log records without any unification.
-
semi-unified - Specifies to export log records with step-by-step unification. That is, for each log record, export a record that unifies this record with all previously-encountered records with the same ID.
Default: semi-unified Default: raw |
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
reconnect-interval {<Number> | default}
|
Specifies the interval (in minutes) after which the Log Exporter must connect again to the target server after the connection is lost.
To disable, enter the value "default ".
There is no default value.
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
start-position <Position>
|
Specifies the start position, from which to export the logs.
|
N / A
|
N / A
|
N / A
|
N / A
|
N / A
|
Optional
|
target-port <Target-Server-Port>
|
Specifies the listening port on the target server, to which you export the logs.
|
Mandatory
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
target-server <Target-Server>
|
Specifies the IP address or FQDN of the target server, to which you export the logs.
|
Mandatory
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|
time-in-milli {true | false}
|
Specifies whether to export logs with the time resolution in milliseconds.
Requires Security Gateways R81 and higher.
Default: false
|
Optional
|
Optional
|
N / A
|
N / A
|
N / A
|
N / A
|