Log Exporter

What can I do here?

Use this window to select or create a Log Exporter.

The Log Exporter exports Gateway logs to syslog/SIEM servers.

What background information do I need to know?

Getting Here

Gateways & Servers > Management Server > Logs > Export

or:

Gateways & Servers > Dedicated Log Server > Logs > Export

Understanding Log Exporter

Log Exporter is a multi-threaded daemon service which runs on a log server. The Log Exporter daemon reads each log, transforms it into the desired format and mapping, and sends it to the configured target.

On a Multi-Domain Server (MDS) / Multi-Domain Log Server (MDLS), if Log Exporter is deployed on several Domains, each Domain Server has its own Log Exporter daemon service. If you export the logs to several targets, each target has its own Log Exporter daemon.

Log Exporter is implemented as the "E-T-L" procedure:

Log Exporter stops exporting when it is disconnected from the third-party server and remembers the last exported position. After the connection is established again, Log Exporter automatically resumes exporting logs from the last known position. Log Exporter exports both online and offline (if any) logs in parallel. If the third-party server is slow, Log Exporter reduces the offline export rate to prioritize the online logs over the offline logs.
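The resume and prioritization behavior described above, as a simplified Python model. This is an added example, not Check Point code: the class names, the per-round `budget` that stands in for a slow target, and the integer records are assumptions made for illustration.

```python
from collections import deque


class Target:
    """Constructed stand-in for a syslog/SIEM receiver that can drop offline."""

    def __init__(self):
        self.connected = True
        self.received = []

    def send(self, record):
        if not self.connected:
            raise ConnectionError("target unreachable")
        self.received.append(record)


class ExportModel:
    """Hypothetical model: live ("online") records and a backlog ("offline")."""

    def __init__(self, target):
        self.target = target
        self.online = deque()   # records arriving while the target is reachable
        self.offline = deque()  # backlog; its head is the last known position

    def tick(self, new_records, budget):
        """One export round; budget = records the target accepts this round."""
        self.online.extend(new_records)
        sent = []
        try:
            for queue in (self.online, self.offline):  # online logs go first
                while queue and len(sent) < budget:
                    self.target.send(queue[0])    # raises when disconnected
                    sent.append(queue.popleft())  # advance only after success
        except ConnectionError:
            # Stop exporting: unsent live records join the backlog, in order.
            self.offline.extend(self.online)
            self.online.clear()
        return sent


def run_scenario():
    """Constructed timeline: send, outage, reconnect to a slow target, drain."""
    target = Target()
    exporter = ExportModel(target)
    exporter.tick([1, 2], budget=4)
    target.connected = False
    exporter.tick([3, 4, 5], budget=4)      # nothing leaves during the outage
    exporter.tick([6, 7], budget=4)
    target.connected = True
    first = exporter.tick([8, 9], budget=3)  # slow target: live logs, then backlog
    rest = exporter.tick([], budget=10)      # backlog drains from the bookmark
    return target.received, first, rest
```

In this model no record is lost or duplicated, but the target receives records 8 and 9 before the backlog 3 to 7, so a receiver should order events by the timestamp inside the log rather than by arrival time.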

For more information, see the R81 Logging and Monitoring Administration Guide.