CHECK POINT ENFORCEMENT MODULE
Instructions for forwarding Check Point Enforcement Module logs to your Log Management device
PREREQUISITESCheck Point Security Management Server running Gaia OS
- The IP Address for the Check Point Security Management Server
- Credentials to access the Check Point Security Management Server
- Secure Shell (SSH) access configured on the Check Point Security Management Server
- The IP Address for the Clone Systems Log Management device
1. Open a command prompt and SSH into the Check Point appliance using a tool like PuTTY.
2. Log into CLISH by entering the Login name and Password and then clicking Enter.
3. After logging in to CLISH you need to access the bash shell in expert mode. Execute the expert command and enter the password to get to the bash shell.
4. Backup the cpboot script.
5. Edit the current cpboot script using the VI editor.
6. Add the following line at the very bottom of the cpboot script.
7. Save the changes and exit from the VI editor
8. Reboot the Security Management Server.
9. If the Check Point Security Management Server logs do not appear on the Clone Systems Log Management device, then repeat the steps above and replace the following line at the very bottom of the cpboot script instead of the line noted in Step 5 above.