jfischer
Explorer

External syslog solution

I am looking for a recommendation on an external syslog solution which can capture the log entries for forensic purposes.

0 Kudos
5 Replies
PhoneBoy
Admin
Admin

This is more of an "Off Topic" question 🙂

Your favorite Linux distribution includes a syslog server, either as part of the install or as an installable package (e.g. syslog-ng).
In the very distant past, I've used Kiwi Syslog on Windows, which appears to now be owned by Solarwinds.
For other options, I defer to the rest of the community.

0 Kudos
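As an added example (not from the thread, and not Check Point's or the syslog-ng project's own code): a minimal syslog-ng configuration for a dedicated receive-only archive host of the kind suggested above. It accepts remote syslog over TCP and over TLS with mandatory client certificate verification, and writes each sender's messages into a per-host, per-day file so that a day's log can later be compressed, hashed and moved to cold storage unchanged. The version number, listening ports, directory paths and certificate file names are assumptions to adjust for your environment.

```conf
# Assumed syslog-ng version; set this to the version actually installed.
@version: 3.38
@include "scl.conf"

# Inputs from the firewalls / log exporters.
source s_remote {
    # Plain syslog over TCP (e.g. for senders that cannot do TLS).
    network(transport("tcp") port(514));

    # Syslog over TLS; peer-verify(yes) rejects senders without a
    # certificate signed by a CA in ca-dir. Paths are placeholders.
    network(transport("tls") port(6514)
        tls(key-file("/etc/syslog-ng/tls/archive.key")
            cert-file("/etc/syslog-ng/tls/archive.crt")
            ca-dir("/etc/syslog-ng/tls/ca.d")
            peer-verify(yes)));
};

# One file per sending host per calendar day, owner-readable only,
# written with a fixed template so the on-disk format never depends
# on the sender. Closed files can be compressed and archived as-is.
destination d_archive {
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}.log"
         create-dirs(yes)
         dir-perm(0750)
         perm(0640)
         template("${ISODATE} ${HOST} ${MSGHDR}${MSG}\n"));
};

log { source(s_remote); destination(d_archive); };
```

Run `syslog-ng --syntax-only` after editing to validate the file before reloading the service. Because the file name changes at midnight, a daily job can safely compress and checksum yesterday's files before shipping them off-box; the archive host itself should not be reachable from the senders on anything other than the two listening ports.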
jfischer
Explorer

I should clarify, I am trying to get to Smart-1 Cloud but the logging retention is only 90 days based upon the calculations. I need a solution to store log files 4-7 years (based upon who you ask). The hosted solutions were outside the scope of what could be justified. The logs need to roll into some sort of cold storage solution but Checkpoint has not got around to that solution.

0 Kudos
the_rock
Legend
Legend

We use SIEM Elastic, it's awesome. Not sure what the longest log retention is, but I will ask one of my colleagues in that team.

0 Kudos
PhoneBoy
Admin
Admin

Some of the SKUs in the Product Catalog actually state a 90-day retention time for logs.
You can purchase longer retention using the SKU: CPSM-EVENTS-EXT-RET12M-1Y (this extends it to 1 year).

If you're going to export from Smart-1 Cloud (would have been a good thing to mention up-front), you will need to have one or more of the following SKUs: CPSM-CLOUD-1GB-LOGEXP-1Y
You should also consider using something known to work with Log Exporter (what we use on the backend): https://support.checkpoint.com/results/sk/sk122323

Strongly suggest working with your local Check Point office on this to ensure you get the solution that will best meet your needs.

0 Kudos
the_rock
Legend
Legend

Splunk is good for that.

0 Kudos