Device | Details |
---|---|
Vendor | Check Point |
Device Type | Firewall |
Connection Type | Syslog |
Data Source Name | fw1-alt |
Data Source ID | 1590 |
On the Check Point appliance, back up the current /etc/syslog.conf file:
cp /etc/syslog.conf /etc/syslog.conf_ORIGINAL
Edit the current /etc/syslog.conf file by adding the following line:
local4.info @<IP address of the Sheriff CSM Sensor>
Note: Press TAB after local4.info.
Save your configuration edits and close the file.
Back up the /etc/rc.d/init.d/cpboot script, and edit the current version of /etc/rc.d/init.d/cpboot by adding the following line at the bottom of the script:
fw log -f -t -n -l 2> /dev/null | awk 'NF' | logger -p local4.info -t CP_FireWall &
Where:
& = run command in the background. If & is not included, the operating system stops before loading the syslogd service. No login prompt then appears at the console.
For help on available flags, enter:
fw log --help
Restart the machine.
Important: Restarting the Check Point services with the cpstop;cpstart commands does not suffice. Only a restart achieves the desired result.
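
A check to run on the two edited files before the restart, added here as an example (it is not Check Point or Sheriff CSM code): it confirms the TAB-separated forwarding line in syslog.conf and that the last line of cpboot is the forwarding command, with an ASCII `-p` and the trailing `&`. The function names and the sample sensor address 192.0.2.10 are assumptions.

```sh
#!/bin/sh
# Added example: checks the two edits from the procedure before the restart.
# Function names are hypothetical; default paths are the ones on the page.

TAB=$(printf '\t')

# check_syslog_conf FILE SENSOR_IP
# Succeeds only if an uncommented line reads local4.info<TAB>@SENSOR_IP.
# A space instead of TAB fails, per the page's note.
check_syslog_conf() {
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for grep
    grep -q "^local4\.info${TAB}${TAB}*@${ip_re}[[:space:]]*\$" "$1"
}

# check_cpboot FILE
# The forwarding command must be the last non-empty line of the script.
# Returns 1 if it is missing or altered (for example a typographic dash
# pasted in place of "-p"), 2 if the trailing "&" is missing.
check_cpboot() {
    last=$(awk 'NF { sub(/[ \t]+$/, ""); l = $0 } END { print l }' "$1")
    case $last in
        *"fw log "*"| logger -p local4.info -t CP_FireWall"*) ;;
        *) echo "cpboot: forwarding line missing or altered" >&2; return 1 ;;
    esac
    case $last in
        *"&") return 0 ;;
        *) echo "cpboot: no trailing '&'; boot would block here" >&2; return 2 ;;
    esac
}

# verify_forwarding SENSOR_IP [SYSLOG_CONF] [CPBOOT]
verify_forwarding() {
    rc=0
    check_syslog_conf "${2:-/etc/syslog.conf}" "$1" || {
        echo "syslog.conf: no 'local4.info<TAB>@$1' line" >&2; rc=1; }
    check_cpboot "${3:-/etc/rc.d/init.d/cpboot}" || rc=1
    return "$rc"
}

# Run only when a sensor address is given, e.g.: sh check_fw1.sh 192.0.2.10
if [ "$#" -ge 1 ]; then
    verify_forwarding "$@"
fi
```

A non-zero exit means at least one edit does not match the procedure; the message on stderr names the file to recheck.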