2.6.1 Ensure mgmtauditlogs is set to on

Information

The mgmtauditlogs setting specifies whether Gaia sends its audit logs (for configuration changes that authorized users make) to a Check Point Management Server.

Rationale:

The mgmtauditlogs setting enables logging of configuration changes made by users. In Gaia OS, Syslog messages can be exported from the security gateway to a Syslog server or to the security management server, where they can be reviewed as normal logs in SmartView Tracker. This enables organizations to monitor and analyze configuration changes made by users.

Solution

Run the following command to enable mgmtauditlogs.
CLI:

Hostname> set syslog mgmtauditlogs on

GUI:

Navigate to System Management > System Logging > System Logging
and check the "Send audit logs to management server upon successful configuration" option.

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: CheckPoint

Control ID: 40bc977453c69f1796aae24b6a504c0ed41754d3ec58b22109e545ac1569db0d