Configuring External Log Servers
The Logs & Monitoring > Log Servers page lets you configure external log servers for security and system logs for additional logging storage.
To configure an external syslog server:
- Under Syslog Servers, click Configure.
  The External Syslog Server window opens.
- Select Protocol:
  - TLS Over TCP (secured) - Send system logs from gateways in a secured and encrypted fashion.
  - UDP - Send security logs or system logs (not secured).
- Enter a Name and IP address.
- Enter a Port number.
- Select Enable log server.
- Optional - Select Show Obfuscated Fields. Obfuscated packets are shown as plain text.
- Select logs to forward:
  - System logs
  - Security logs
  - Both system and security logs
  Note - When you select TLS Over TCP, you can only forward system logs. Security logs are not supported.
- Click Apply.
Secured Syslog
Use Case
A system administrator wants to send system logs from the organization's gateways in a secured and encrypted fashion. Because UDP is not secure, the administrator selects TLS Over TCP as the protocol.
Notes:
- Only one remote TLS server is supported.
- The server CA must be trusted by Check Point.
- The TLS server must be configured using its domain name. Only UDP allows you to configure the server by IP address.
- The configured domain name must be identical to the domain name in the server's certificate.
- Only system logs are supported.
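
A pre-flight check for the certificate notes above, run from an admin workstation before the server is entered in the gateway (an added example, not Check Point code). The function names, the default port 6514 (the RFC 5425 syslog-over-TLS port), and the use of the workstation's trust store or a supplied CA file as a stand-in for the gateway's trusted CAs are assumptions.

```python
import ipaddress
import socket
import ssl
import sys

# OpenSSL X.509 verification codes that map to the certificate notes above.
REASONS = {
    10: "certificate has expired",
    18: "self-signed certificate, CA not trusted",
    19: "self-signed certificate in chain, CA not trusted",
    20: "issuing CA not found in trust store",
    62: "configured name does not match the certificate",
}

def is_ip_literal(name):
    # True for IPv4/IPv6 literals, which the TLS option does not accept.
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def explain(code):
    # Translate an OpenSSL verify code into the note it violates.
    return REASONS.get(code, f"verification failed (OpenSSL code {code})")

def preflight(name, port=6514, cafile=None, timeout=5.0):
    # Returns (ok, detail). cafile is an assumed PEM file holding the CA.
    if is_ip_literal(name):
        return False, "TLS server must be configured by domain name, not IP"
    # Default context verifies the chain and checks the name against the cert.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((name, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=name) as tls:
                return True, f"{tls.version()} handshake verified for {name}"
    except ssl.SSLCertVerificationError as exc:
        return False, explain(exc.verify_code)
    except OSError as exc:  # DNS failure, refused connection, handshake error
        return False, f"connection or handshake failed: {exc}"

if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: preflight.py <domain-name> [port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 6514
    ok, detail = preflight(sys.argv[1], port)
    print("OK" if ok else "FAIL", detail)
```

A pass here only shows that the name and chain verify against the CA set used on the workstation; the gateway's own list of trusted CAs still has to include the server CA.
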
To configure additional syslog servers:
Click Add Syslog Server.
To send security logs to syslog servers:
When you configure the log server, for Protocol select UDP.
Note - The security logs show in the syslog format, not in the security logs format.
To edit the external syslog server:
- Click the Edit link next to the server's IP address.
- Edit the necessary information.
- Click Apply.
Note - When more than one server is defined, the syslog servers show in a table. Select the syslog server you want to edit and click Edit.
To delete the external syslog server:
- Select the syslog server.
- Click Delete.
The server is deleted.