CHECK POINT ENFORCEMENT MODULE

Instructions for forwarding Check Point Enforcement Module logs to your Log Management device

PREREQUISITES

Check Point Security Management Server running Gaia OS

  • The IP Address for the Check Point Security Management Server
  • Credentials to access the Check Point Security Management Server
  • Secure Shell (SSH) access configured on the Check Point Security Management Server

Clone Systems Log Management Device

  • The IP Address for the Clone Systems Log Management device

INSTRUCTIONS

1

Open a command prompt and SSH into the Check Point appliance using a tool like PuTTY.

PuTTY: a free SSH and Telnet client

Note: These instructions are not supported on Multi-Domain Server.

2

Log into CLISH by entering the Login name and Password and then pressing Enter.

Login name: login name

Password: login password

Press Enter.

3

After logging in to CLISH you need to access the bash shell in expert mode. Execute the expert command and enter the password to get to the bash shell.

[HostName]# expert

Password: expert password

Press Enter.

4

Back up the cpboot script.

[Expert@HostName]# cp /etc/rc.d/init.d/cpboot /etc/rc.d/init.d/cpboot_ORIGINAL

5

Edit the current cpboot script using the vi editor.

[Expert@HostName]# vi /etc/rc.d/init.d/cpboot

6

Add the following line at the very bottom of the cpboot script.

fw log -f -t -n -1 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &

7

Save the changes and exit from the vi editor.

Type :wq and press Enter.

8

Reboot the Security Management Server.

[Expert@HostName]# reboot

Press Enter.

9

If the Check Point Security Management Server logs do not appear on the Clone Systems Log Management device, repeat the steps above, but add the following line at the very bottom of the cpboot script instead of the line noted in Step 6 above.

while read line ; do if [ "$(echo -- $line)" != "--" ] ; then logger -p local4.err -t CP_FireWall $line ; fi ; done < <(fw log -f -t -n -1 2>/dev/null) &
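
A dry run of the Step 6 and Step 9 filters, added here as an example and not part of the original instructions. It uses echo in place of logger, the sample records are constructed rather than real fw log output, and filter_step9_quoted, dry_run and cpboot_demo_file are names invented for the example. It shows that the Step 9 loop rewrites records containing a lone * or a backslash, while a quoted read -r variant passes them through intact.

```bash
# Constructed sample input (not real fw log output): two records, an empty
# line, a whitespace-only line; the last record has a lone "*" and a backslash.
sample_lines() {
  printf '%s\n' \
    '10:01:02 accept fw1 >eth0 src: 10.0.0.5; dst: 10.0.0.9; proto: tcp' \
    '' \
    '   ' \
    '10:01:03 drop fw1 >eth1 src: 10.0.0.7; note: * ; path: C:\temp'
}

# Filter stages from Step 6, unchanged.
filter_step6() { awk 'NF' | sed '/^$/d'; }

# Loop from Step 9, with echo standing in for logger. The unquoted $line is
# word-split and glob-expanded, and read without -r drops backslashes.
filter_step9() {
  while read line ; do
    if [ "$(echo -- $line)" != "--" ] ; then echo $line ; fi
  done
}

# Added variant (an assumption of this example, not vendor guidance):
# raw reads and a quoted variable keep each record byte-for-byte.
filter_step9_quoted() {
  while IFS= read -r line ; do
    if [ -n "$(printf '%s' "$line" | tr -d '[:space:]')" ] ; then
      printf '%s\n' "$line"
    fi
  done
}

# Run one filter inside a scratch directory holding a single known file, so
# the effect of pathname expansion is reproducible.
dry_run() {
  d=$(mktemp -d) || return 1
  ( cd "$d" && : > cpboot_demo_file && sample_lines | "$1" )
  rm -rf "$d"
}

for f in filter_step6 filter_step9 filter_step9_quoted ; do
  echo "== $f"
  dry_run "$f"
done
```

In the real loop the same expansion happens in whatever directory cpboot runs from, so a forwarded record can carry local file names in place of the * it originally contained.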