Imperva Cyber Community

  • 1.  Gateway Log - Security Event - System Log to different syslog servers

    Posted 06-08-2022 02:39
    Hi all,

    We have gateways deployed in different sites, e.g. site A & site B. Also, there are local syslog servers in both sites. For the same policy rule, how can we tell the gateway in site A to send logs to the syslog server in site A only, while the gateway in site B sends logs to the syslog server in site B only?

    Thank you.
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Ken Chau
    IT Manager
    Central Hong Kong
    ------------------------------


  • 2.  RE: Gateway Log - Security Event - System Log to different syslog servers

    Posted 06-08-2022 16:26
    Where is your policy defined - on the same MX for both gateways, in a SOM?

    If the gateways are in separate gateway groups, then configure the gateway group external logger section for the different syslog servers.
    And in the policy, check the "Enable using gateway configuration if exists" checkbox.

    Another option may be to set up a load balancer to direct the traffic to the correct syslog server by the IP of the sending gateway.



  • 3.  RE: Gateway Log - Security Event - System Log to different syslog servers

    Posted 06-09-2022 03:16
    Hi Robert,

    Yes, the policy is defined on the same MX.

    In the policy, I don't find this "Enable using gateway configuration if exists" checkbox. Any idea which version this feature is supported from?

    Thank you. 


    ------------------------------
    Ken Chau
    IT Manager
    Central Hong Kong
    ------------------------------



  • 4.  RE: Gateway Log - Security Event - System Log to different syslog servers

    Posted 06-09-2022 05:33
    Hi Ken,

    This policy option is available for Audit type policies.

    ------------------------------
    Cezmi Cal
    technical support engineer
    Barikat Cyber Security
    Ankara
    ------------------------------



  • 5.  RE: Gateway Log - Security Event - System Log to different syslog servers

    Posted 06-09-2022 09:27
    Sorry, I missed that you were talking about Security Events and WAF.
    The "Enable using gateway configuration if exists" is for Audit policies.

    And the external logger section in the gateway group is not available for WAF-only deployments.

    Do the syslog events get generated from each gateway directly to the syslog server, or are they sent from the MX?
    If they are generated from each gateway, then maybe a load balancer in front of the syslog servers would work.


  • 6.  RE: Gateway Log - Security Event - System Log to different syslog servers

    Posted 06-13-2022 14:10
    So, I kind of have the same use case going on. From the above Q&A, I take it that the log events are being sent directly from the gateway. From what I understand, the gateway can only send audit policy logs directly from the gateway, which is configurable; all other events (i.e. system, security) must be sent from gateway >> to MX >> Ext-Logger.

    Martell Thyman
    Lead Cyber Security Engineer
    Visa Inc.

    ------------------------------
    Martell Thyman
    Cyber Security Engineering Engineer
    Ashburn VA
    ------------------------------



  • 7.  RE: Gateway Log - Security Event - System Log to different syslog servers

    Posted 06-15-2022 07:29
    But, I find that the logs from gateway have more details than the ones from MX. So, we prefer to have the gateway directly sending logs to syslog servers.

    ------------------------------
    Ken Chau
    IT Manager
    Central Hong Kong
    ------------------------------



  • 8.  RE: Gateway Log - Security Event - System Log to different syslog servers

    Posted 06-15-2022 07:27
    Yes, we want to have the logs directly generated from the gateway.

    ------------------------------
    Ken Chau
    IT Manager
    Central Hong Kong
    ------------------------------