Syslog is NOT LEA. Having SmartCenter accept syslogs is as easy as going into logging and allowing Syslog to come into SmartCenter. Then allow rules to allow Syslog traffic to get to server.
This may require a cpstop; cpstart to activate after turning on.

Sent from my iPhone

On Jan 11, 2012, at 6:30, "Turenne" <[email protected]> wrote:

> Hi David, Hi Rajeev
>
> I really appreciate your help. Thank you very much.
>
> 2012/1/11 turenne azevedo <[email protected]>
>>
>> Turenne Jr
>> +55 11 6542.3699
>>
>>> Date: Tue, 27 Dec 2011 16:33:17 -0500
>>> From: [email protected]
>>> Subject: Re: [FW-1] Do you know to setting Opsec LEA_Server?
>>> To: [email protected]
>>>
>>> Thanks, David.
>>>
>>> Hi Turenne,
>>> Guess, there is not enough information but from what I can discern from
>>> your post, here are some questions and pointers that may help you:
>>> 1. Does your 'system/app' you call 'Syslog' (I understand you may be alluding
>>> to a syslog server but not sure) have OPSEC/LEA APIs
>>> compiled/installed/configured? Without OPSEC/LEA APIs, it will fail to
>>> communicate with Checkpoint SmartCenter (what in your LEA client context
>>> will be the LEA Server)
>>> 2. Once the steps at '1' above have been taken, you are right in creating
>>> an OPSEC Application for your LEA client (in your case what you call
>>> 'Syslog') but you just need to check only the 'LEA' under 'Client Entities'
>>> and nothing to be checked under 'Server Entities'. You can then
>>> 'initialize' SIC from this LEA application which will show "Initialized but
>>> trust not established".
>>> 3. You will then go to Policy>Install Database and install that on your
>>> SmartCenter
>>> 4. You do not need to make any changes to 'fwopsec.conf' file. Since NG and
>>> above, Checkpoint does not recommend making any changes to it unless you
>>> want to change the default port. Even without making changes to
>>> 'fwopsec.conf' file, you would see 'netstat -an | grep 18184' showing up as
>>> 'listening'
>>> 5. You will then need to establish trust from your LEA client application
>>> (Syslog) and once it is successfully established, the OPSEC Application you
>>> created in SmartDashboard for LEA client will reflect 'trust established'.
>>> (This will ensure the connection from your LEA client to LEA server is
>>> fully authenticated but if you do not want it (won't recommend it though),
>>> the connection can be made transparent and you do not have to go through
>>> 'SIC' trust establishment)
>>> 6. The above steps will help you get going but the important step is number
>>> 1 to ensure your Syslog app/system is 'Checkpoint Aware' having OPSEC/LEA
>>> APIs installed.
>>> hope it helps.
>>> Best,
>>> Rajeev
>>>
>>> On Tue, Dec 27, 2011 at 3:08 PM, David DeSimone <[email protected]> wrote:
>>>
>>>> I don't have an answer for Sr. Azevedo's problem, but I was able to
>>>> translate his emails by removing some extra Content-Type headers that
>>>> were ruining the base64 encoding. Perhaps someone else can answer:
>>>>
>>>> turenne azevedo <[email protected]> wrote:
>>>>>
>>>>> Hello...Good morning everyone
>>>>>
>>>>> I'm having problems making a Syslog communicate with a
>>>>> SmartCenter. After making settings in SmartDashboard Lea_Server
>>>>> OPSEC (Manage > Servers and OPSEC Applications > New > OPSEC Application,
>>>>> I created a name and a host node for Syslog, LEA checked the Entities
>>>>> and Clients did SIC). I also made changes to the file fwopsec.conf
>>>>> (lea_server auth_port lea_server AUTH_TYPE sslca and 18184). The
>>>>> policy was applied and the SmartCenter initialized. I used the command
>>>>> netstat -na | grep 18184 and I saw that the port was listening. Is this
>>>>> missing a step? Any ideas for problem solving? Missing some setting?
>>>>>
>>>>> Thank you. A great day!
>>>>>
>>>>> Turenne Jr
>>>>> +55 11 6542.3699
>>>>>
>>>>
>>>> --
>>>> David DeSimone == Network Admin == [email protected]
>>>> "I don't like spinach, and I'm glad I don't, because if I
>>>> liked it I'd eat it, and I just hate it." -- Clarence Darrow
>>>>
>>>> This email message is intended for the use of the person to whom it has
>>>> been sent, and may contain information that is confidential or legally
>>>> protected. If you are not the intended recipient or have received this
>>>> message in error, you are not authorized to copy, distribute, or otherwise
>>>> use this message or its attachments. Please notify the sender immediately
>>>> by return e-mail and permanently delete this message and any attachments.
>>>> Verio, Inc. makes no warranty that this email is error or virus free.
>>>> Thank you.
>>>>
>>>> Scanned by Check Point Total Security Gateway.
>>>>
>>>> =================================================
>>>> To set vacation, Out-Of-Office, or away messages,
>>>> send an email to [email protected]
>>>> in the BODY of the email add:
>>>> set fw-1-mailinglist nomail
>>>> =================================================
>>>> To unsubscribe from this mailing list,
>>>> please see the instructions at
>>>> http://www.checkpoint.com/services/mailing.html
>>>> =================================================
>>>> If you have any questions on how to change your
>>>> subscription options, email
>>>> [email protected]
>>>> =================================================
>
> --
> Turenne Azevedo
> cel. 11.6542-3699
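
The check behind points 4 and 5 of Rajeev's reply, as an added example that is not part of the original thread: it reports whether a `fwopsec.conf` leaves the LEA listener at its default, sets an authenticated port, or opens an unauthenticated one, and whether `netstat -an` output shows the port listening. The function names are hypothetical, the sample input is constructed, and the `lea_server port` directive with "non-zero means clear-text listener" is an assumption not stated in the thread.

```shell
#!/bin/sh
# Added example: audit how the SmartCenter's LEA listener is configured.

# Print the LEA listener mode configured in the fwopsec.conf given as $1:
#   default             no active lea_server port lines (stock file)
#   authenticated:PORT  "lea_server auth_port PORT" with PORT > 0
#   clear:PORT          "lea_server port PORT" with PORT > 0 (assumed directive:
#                       unauthenticated listener, no SIC trust required)
lea_listener_mode() {
    awk '
        /^[ \t]*#/ { next }                          # commented-out defaults
        $1 == "lea_server" && $2 == "auth_port" { auth = $3 }
        $1 == "lea_server" && $2 == "port"      { plain = $3 }
        END {
            if (plain + 0 > 0)     print "clear:" plain
            else if (auth + 0 > 0) print "authenticated:" auth
            else                   print "default"
        }
    ' "$1"
}

# Succeed if Linux-style `netstat -an` output on stdin has a LISTEN socket
# whose local port is $1 (the thread checks 18184).
lea_port_listening() {
    awk -v p="$1" '
        /LISTEN/ { n = split($4, a, /[.:]/); if (a[n] == p) found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: a config that disables the authenticated port and
# opens a clear one, which is the setup the reply advises against.
conf=$(mktemp)
printf '%s\n' '# lea_server auth_port 18184' \
              'lea_server auth_port 0' \
              'lea_server port 18184' > "$conf"
echo "LEA listener mode: $(lea_listener_mode "$conf")"
printf 'tcp 0 0 0.0.0.0:18184 0.0.0.0:* LISTEN\n' |
    lea_port_listening 18184 && echo "port 18184 is listening"
rm -f "$conf"
```

On a live management server, `netstat -an | lea_port_listening 18184` confirms only that the port is open; the OPSEC Application object still has to show trust established before an authenticated client can pull logs.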
