If you are running Check Point R77.30 or later, you must first use Check Point Log Exporter for exporting Check Point logs over syslog to Cyfin. Click here for the instructions from Check Point Support.
Important Notes
Commands should be run in an SSH session switched to Expert mode.
Installation
Ensure that the Log Exporter is installed on a log server for Check Point R77.30 and R80.10. Log Exporter is already integrated in R80.20.
Basic Deployment
In order to configure a Cyfin target for the logs, run the following on the log server:
cp_log_export add name cyfin_syslog target-server <cyfin_ip> target-port 1455 protocol udp format syslog –apply-now
where <cyfin_ip> is the IP address of your Cyfin server
Helpful Tools
- To remove the exporter, run:
cp_log_export delete name cyfin_syslog –apply-now
- To display the exporter’s status, run:
cp_log_export status name cyfin_syslog
- To reset the current position and reexport all logs per the configuration, run:
cp_log_export reexport name cyfin_syslog
Troubleshooting Tips
If you do not see log files being exported:
- Stop the exporter by running: cpstop
- Then start the exporter by running: cpstart
If there is still an issue:
- Edit $EXPORTERDIR/targets/cyfin_syslog/targetConfiguration.xml
- Locate <log_files>1</log_files>
- Change to <log_files></log_files>
- Stop the exporter by running: cpstop
- Then start the exporter by running: cpstart
Once this part is completed in Check Point, you can then open Cyfin, go to Data Management – Log Data Source – Setup, and run through the Log Data Source Setup wizard. Upon completing the Log Data Source Setup wizard, you should start to see data in the file “SyslogXXXXXXX.txt” in the log file directory that you chose in the wizard.
Additional Resources:
- Wavecrest video on setup of Cyfin Syslog: Cyfin Syslog setup video