CHECK POINT ENFORCEMENT MODULE
Instructions for forwarding Check Point Enforcement Module logs to your Log Management device
Check Point Security Management Server running Gaia OS
- The IP Address for the Check Point Security Management Server
- Credentials to access the Check Point Security Management Server
- Secure Shell (SSH) access configured on the Check Point Security Management Server
Clone Systems Log Management Device
- The IP Address for the Clone Systems Log Management device
Open a command prompt and SSH into the Check Point appliance using a tool like PuTTY.
Log in to CLISH by entering the Login name and Password and then pressing Enter.
Login name: login name
Password: login password
After logging in to CLISH you need to access the bash shell in expert mode. Execute the expert command and enter the password to get to the bash shell.
Password: expert password
Back up the cpboot script.
[Expert@HostName]# cp /etc/rc.d/init.d/cpboot /etc/rc.d/init.d/cpboot_ORIGINAL
Edit the current cpboot script using the VI editor.
[Expert@HostName]# vi /etc/rc.d/init.d/cpboot
Add the following line at the very bottom of the cpboot script.
fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^$/d' | logger -p local4.info -t CP_FireWall &
Save the changes and exit from the VI editor.
Reboot the Security Management Server.
If the Check Point Security Management Server logs do not appear on the Clone Systems Log Management device, repeat the steps above, but add the following line at the very bottom of the cpboot script in place of the fw log line shown earlier.
while read line ; do if [ "`echo -- $line`" != "--" ] ; then logger -p local4.err -t CP_FireWall $line ; fi ; done < <(fw log -f -t -n -l 2>/dev/null) &
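A line pasted into cpboot from a formatted document can pick up typographic dashes or curly quotes, which bash treats as literal text, so the forwarder never starts after the reboot. The script below is an added example for checking the edited file before rebooting; it is not part of the original instructions or of Check Point's tooling. The function names `check_cpboot` and `make_samples` are made up here, and the sample files are constructed.

```shell
#!/bin/bash
# Added example: pre-reboot check of an edited cpboot script.
# check_cpboot and make_samples are hypothetical names; the tag and paths come from the procedure.
check_cpboot() {
    local file="$1" rc=0 lines
    # The backup taken earlier is expected next to the script as <file>_ORIGINAL.
    [ -f "${file}_ORIGINAL" ] || { echo "FAIL: ${file}_ORIGINAL not found"; rc=1; }

    # Typographic dashes and curly quotes are non-ASCII bytes. bash -n accepts
    # them as literal text, so they have to be searched for explicitly.
    if LC_ALL=C grep -n -a '[^[:print:][:space:]]' "$file"; then
        echo "FAIL: non-ASCII characters on the line(s) above"; rc=1
    fi

    # Catches structural errors such as a capitalised 'While'.
    bash -n "$file" 2>/dev/null || { echo "FAIL: bash -n reports a syntax error"; rc=1; }

    # The forwarder line must call fw log, carry the CP_FireWall tag, and end
    # with '&' so that 'fw log -f' does not block the boot sequence.
    lines=$(grep -a 'CP_FireWall' "$file" | grep -a 'fw log')
    if [ -z "$lines" ]; then
        echo "FAIL: no 'fw log' line tagged CP_FireWall"; rc=1
    elif ! printf '%s\n' "$lines" | grep -q '&[[:space:]]*$'; then
        echo "FAIL: forwarder line is not backgrounded with '&'"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# Constructed sample files for a dry run away from the appliance.
make_samples() {
    local dir; dir=$(mktemp -d)
    printf '#!/bin/bash\n# boot steps\n' | tee "$dir/good" "$dir/bad" "$dir/good_ORIGINAL" "$dir/bad_ORIGINAL" >/dev/null
    printf '%s\n' "fw log -f -t -n -l 2> /dev/null | awk 'NF' | sed '/^\$/d' | logger -p local4.info -t CP_FireWall &" >> "$dir/good"
    printf 'fw log \342\200\223f \342\200\223t | logger \342\200\223t CP_FireWall &\n' >> "$dir/bad"
    echo "$dir"
}

# On the appliance, in expert mode: check_cpboot /etc/rc.d/init.d/cpboot
```

If the check fails, restore the script from cpboot_ORIGINAL and repeat the edit before rebooting.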