1.Login
Overview
The Syslog protocol is enabled on most network devices, such as routers and switches. A Check Point firewall (a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources) sends its logs to the Syslog server in syslog format.
STEPS
1. Log in to your Check Point firewall
...
5. You will see your remote server IP in the list
6. Log in to your remote server and run this command to see whether it is receiving the logs from your firewall
→
Verification
- Verification can be done in two ways:
1. By checking on the UI
2. By checking logs through the CCE server
Verification through UI
- Open UI >> System tab >> Logs and flows collection status:
- The source device IP will be reflected there
Verification Through CCE server
- Run the command " sudo tcpdump -i any
...
- port 514 and host <IP address>
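A scripted form of this tcpdump check, as an added example that is not part of the original guide: it reads `tcpdump -nn` text output on stdin and counts the packets a given source sent to port 514, so the check yields a number instead of a screen of packets to eyeball. The function names and all IP addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original guide). count_syslog_from and
# sample_capture are hypothetical helpers; all IPs are constructed.

# Read `tcpdump -nn` text output on stdin and print how many packets host $1
# sent to destination port 514. Handles the classic line layout
# ("<time> IP src.port > dst.port: ...") and the `-i any` layout of newer
# tcpdump builds ("<time> eth0  In  IP src.port > dst.port: ...").
count_syslog_from() {
    awk -v host="$1" '
    {
        for (i = 1; i <= NF - 3; i++) {
            if ($i != "IP") continue
            src = $(i + 1); dst = $(i + 3)
            sub(/:$/, "", dst)           # strip the trailing colon
            sub(/\.[0-9]+$/, "", src)    # drop the source port
            # Exact match on the address, so 192.0.2.1 never matches 192.0.2.10
            if (src == host && $(i + 2) == ">" && dst ~ /\.514$/) c++
            break
        }
    }
    END { print c + 0 }'
}

# Constructed capture: two syslog packets from the firewall (192.0.2.10),
# one from another device, and one non-syslog packet from the firewall.
sample_capture() {
    cat <<'EOF'
10:15:01.000001 IP 192.0.2.10.51514 > 198.51.100.5.514: SYSLOG local0.info, length: 180
10:15:01.200001 eth0  In  IP 192.0.2.10.51514 > 198.51.100.5.514: SYSLOG local0.notice, length: 164
10:15:02.000001 IP 192.0.2.77.40000 > 198.51.100.5.514: SYSLOG user.info, length: 90
10:15:03.000001 IP 192.0.2.10.44321 > 198.51.100.5.22: Flags [S], seq 1, win 64240, length 0
EOF
}

# Live use on the receiving server (needs root), 30-second window:
#   sudo timeout 30 tcpdump -nn -l -i any port 514 and host 192.0.2.10 \
#       | count_syslog_from 192.0.2.10
```

A result of 0 after a capture window in which the firewall should have logged something means no syslog traffic from that source reached the server.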