Log Forwarding > Network Infrastructure > Check Point Enforcement Module
CHECK POINT ENFORCEMENT MODULE
Instructions for forwarding Check Point Enforcement Module logs to your Log Management device
PREREQUISITES
Check Point Security Management Server running Gaia OS
- The IP Address for the Check Point Security Management Server
- Credentials to access the Check Point Security Management Server
- Secure Shell (SSH) access configured on the Check Point Security Management Server
Clone Systems Log Management Device
- The IP Address for the Clone Systems Log Management device
INSTRUCTIONS
1
Open a command prompt and SSH into the Check Point appliance using a tool like PuTTY.
PuTTY: a free SSH and Telnet client
Note: These instructions are not supported on Multi-Domain Server.
2
Log into CLISH by entering the Login name and Password and then clicking Enter.
Login name: login name
Password: login password
Click Enter.
3
After logging in to CLISH you need to access the bash shell in expert mode. Execute the expert command and enter the password to get to the bash shell.
[HostName]# expert
Password: expert password
Click Enter
4
Backup the cpboot script.
[Expert@HostName]# cp /etc/rc.d/init.d/cpboot /etc/rc.d/init.d/cpboot_ORIGINAL
5
Edit the current cpboot script using the VI editor.
[Expert@HostName]# vi /etc/rc.d/init.d/cpboot
6
Add the following line at the very bottom of the cpboot script.
fw log –f –t –n -1 2> /dev/null | awk ‘NF’ | sed ‘/^$/d’ | logger –p local4.info –t CP_FireWall &
7
Save the changes and exit from the VI editor
Press :wq
8
Reboot the Security Management Server.
[Expert@HostName]# reboot
Click Enter
9
If the Check Point Security Management Server logs do not appear on the Clone Systems Log Management device, then repeat the steps above and replace the following line at the very bottom of the cpboot script instead of the line noted in Step 5 above.
While read line ; do if [ “’echo — $line’” != “—“ ] ; then logger –p local4.err –t CP_FireWall $line ; fi ; done < <(fw log –f –t –n -1 2>/dev/null) &
