Exporting Check Point logs over syslog (Log Exporter) using a SmartEvent server

Document created by CHINMAYA NAIK on Jul 18, 2018. Last modified by CHINMAYA NAIK on Jul 18, 2018.
Please correct me if the process below is wrong.
Requirement: Export Check Point logs over syslog (Log Exporter) to a SIEM (in my case AlienVault).
Dedicated SmartEvent server running R77.30 on Gaia OS.
Step 01: Check the Jumbo Hotfix take currently installed on the SmartEvent server.
Using CLI: installed_jumbo_take and cpinfo -y all
Using WebUI: "Status and Actions"
Step 02: If Jumbo Hotfix take_292 or above is already installed, skip this step; otherwise follow the process below.
:- Open the SmartEvent WebUI, go to "Status and Actions", import the hotfix package, verify it, and then install it.
Hotfix: Jumbo Hotfix take_302
Link: 
NOTE: Verify the MD5 value of the downloaded package.
 
NOTE: A reboot is required.
Step 03: After installing the Jumbo Hotfix, install the Log Exporter hotfix below.
Check_Point_R77.30_Log_Exporter_T25_sk122323_FULL.tgz
Link:
:- Open the SmartEvent WebUI, go to "Status and Actions", import the hotfix package, verify it, and then install it.
NOTE: Verify the MD5 value of the downloaded package.
NOTE: A reboot is required.
 
 
Step 04: Open the CLI of the SmartEvent server.

The following two commands need to be executed.

1st: cp_log_export add name <name> [domain-server <domain-server>] target-server <target-server> target-port <target-port> protocol <udp|tcp> format <syslog|cef> [optional arguments]
 
EXAMPLE:
 
cp_log_export add name 192.168.10.5 target-server 192.168.10.6 target-port 514 protocol tcp format syslog 
 
192.168.10.5: SmartEvent server (its address is used here as the exporter name)

192.168.10.6: SIEM
 
2nd: cp_log_export <command-name>
EXAMPLE:
cp_log_export start (other commands: stop / status / restart)
Step 05: Verify by running a tcpdump command.
EXAMPLE: tcpdump -nni eth0 port '514'
NOTE: The SIEM side needs to be configured as well.
NOTE: For the Jumbo Hotfix, you may take the latest take available as per the new release; in my case I am using take_302.
Refer to SK: sk122323
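The following script is an added example and is not part of the original document or of Check Point's own tooling. It wraps Steps 04 and 05 above: it validates the SIEM address, port, protocol and format before anything is configured, runs the cp_log_export add and start commands exactly as shown on this page, prints the exporter status, and then fails with a non-zero exit code if no packets towards the SIEM port are seen on eth0 within 30 seconds. It assumes it is run in expert mode on the SmartEvent server, where cp_log_export and tcpdump exist, and that the timeout utility is available (an assumption; the original page does not mention it).

```shell
#!/bin/bash
# Added example (not from the original page): validate inputs, configure the
# Log Exporter (Step 04) and verify traffic towards the SIEM (Step 05).
# Assumes expert mode on the SmartEvent server with cp_log_export, tcpdump
# and the GNU 'timeout' utility available.

validate_ipv4() {
  # Accept only a dotted quad with four octets in the range 0-255.
  ip=$1
  case "$ip" in
    *[!0-9.]*|"") return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $ip
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

validate_port() {
  # Accept only an integer in the range 1-65535.
  case "$1" in
    *[!0-9]*|"") return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

validate_protocol() {
  case "$1" in
    udp|tcp) return 0 ;;
    *) return 1 ;;
  esac
}

validate_format() {
  case "$1" in
    syslog|cef) return 0 ;;
    *) return 1 ;;
  esac
}

build_add_command() {
  # $1 exporter name, $2 SIEM address, $3 port, $4 protocol, $5 format.
  # Returns the exact 'cp_log_export add' command line from Step 04.
  printf 'cp_log_export add name %s target-server %s target-port %s protocol %s format %s\n' \
    "$1" "$2" "$3" "$4" "$5"
}

configure_exporter() {
  # Step 04: create the exporter, then start it.
  cp_log_export add name "$1" target-server "$2" target-port "$3" protocol "$4" format "$5"
  cp_log_export start
}

verify_export() {
  # Step 05: capture up to 5 packets towards the SIEM port on eth0 (the
  # interface used on the original page). tcpdump exits non-zero on the
  # timeout if nothing was captured, which fails the script.
  siem=$1
  port=$2
  timeout 30 tcpdump -nni eth0 -c 5 host "$siem" and port "$port"
}

main() {
  if [ $# -ne 5 ]; then
    echo "usage: $0 <exporter-name> <siem-ip> <port> <udp|tcp> <syslog|cef>" >&2
    return 2
  fi
  validate_ipv4 "$2"     || { echo "bad SIEM address: $2" >&2; return 2; }
  validate_port "$3"     || { echo "bad port: $3" >&2; return 2; }
  validate_protocol "$4" || { echo "protocol must be udp or tcp" >&2; return 2; }
  validate_format "$5"   || { echo "format must be syslog or cef" >&2; return 2; }
  echo "running: $(build_add_command "$@")"
  configure_exporter "$@"
  cp_log_export status
  verify_export "$2" "$3"
}

# Runs only when invoked with arguments, e.g. (values from the page's example):
#   ./export_check.sh 192.168.10.5 192.168.10.6 514 tcp syslog
if [ $# -gt 0 ]; then
  main "$@"
fi
```

The validation functions run before any cp_log_export call so that a typo in the SIEM address or port is caught on the SmartEvent server rather than discovered later as silence on the SIEM side; the tcpdump packet count and timeout turn the manual check in Step 05 into a pass/fail result.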
Chinmaya Naik
Network Security Engineer, QOS Technology, INDIA
