The Check Point FW (SMB) has the ability to send “system logs” or “security logs” or “both” to an external syslog server.
I’ve configured it to send the logs (both system and security logs) to a Graylog server which is running on AWS.
I only see the system logs on Graylog and I would like to know why.
When I send the logs to another syslog server (also on AWS, in the same VPC) such as 3CDaemon, I see both security and system logs.
I checked with CP and both logs are in the same syslog format.
- Where is the file that stores the logs on Graylog on AWS (it’s not in /var/log/messages)? I’d like to see if the security logs arrived at Graylog.
- Any recommendations on how to troubleshoot this issue would be great.