Log Server Deployment Scenarios

Security Gateways generate logs. The Security PolicyClosed Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. on each Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. controls which rules generate log entries. In a Multi-Domain Security Management environment, the Security Gateways send logs to a Domain Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. or to Domain Log Servers.

Domain Management ServersClosed Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS. and Multi-Domain Servers also generate audit logs. The system typically saves audit logs on a Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS., which automatically synchronizes to other Multi-Domain Servers in a High Availability deployment.

You can use one of these strategies to deploy Domain Log Servers in a Multi-Domain Security Management environment:

  1. Each Domain has one Domain Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs. on a Multi-Domain Server (default).

  2. Each Domain keeps its Domain Log Servers on one or more Multi-Domain Log Servers. If this Domain has more than one Domain Log Server, you must install each one on a different Multi-Domain Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs in a Multi-Domain Security Management environment. The Multi-Domain Log Server consists of Domain Log Servers that store and process logs from Security Gateways that are managed by the corresponding Domain Management Servers. Acronym: MDLS..

    Best Practice - Use this strategy in large, geographically distributed environments.

  3. Each Domain Security Gateway works as the Log Server for its own logs. This is known as local logging.

For additional information, see Deploying a Domain Dedicated Log Server.