Wednesday, April 2, 2014

Forwarding Management logs from CMAs to CLMs

If your GWs log only to CLMs and not to CMAs, having the Management audit logs still reside on the CMAs is not exactly convenient.

sk27042 addresses this matter, but it is grossly outdated. Here is a procedure to forward audit logs from CMAs to CLMs that works for versions R75.40 and up:

  • Make sure that the CMA is not specified as a Log Server for any Security gateway. If it is, reconfigure these Security gateways to send their logs elsewhere (for instance to the CLM).
  • Use GuiDBedit to connect to the CMA in question and, under "network objects", find . In the object properties, find the log_server parameter and set its value to false. Then find the use_loggers_and_masters parameter and change its value to true. Save the DB and exit GuiDBedit.
  • Log in to the CMA with SmartDashboard and open the CMA object, then go to the Logs tab.
  • If the settings there are greyed out, switch to controlling the log settings from SmartDashboard (press the “here” link in the tab). Set up the primary and secondary log locations as required.
  • Install database on all MGMT objects.
Log into CLM with SmartTracker and check you now have Management logs coming in.
