This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Yonatan_Philip
Employee Alumnus
Employee Alumnus
‎2018-07-25 09:01 AM

Log Exporter - Splunk Integration Update

Hello Everyone,

We are currently in advanced stages of developing a Log Exporter update that will add CIM support.

This will give us better Splunk integration for CIM oriented apps and dashboards (e.g. Splunk Enterprise Security).

 

We are currently looking for customers who wish to test this new feature (in either their lab or production) and share their feedback with us.

 

I would also really appreciate if in your email you could also add the following details:

  • what version of Check Point do you use? And what version of Splunk server?
  • Is your Splunk environment installed as a single-instance or is it a distributed environment?
  • Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on?

       

The new update will also enable the Log Exporter to work in a semi-unified mode.

For those who are unfamiliar with this setting, it means that updates are unified with their original log before they are exported. This makes the information in the update log complete and makes the update log itself more readable (in raw mode you had to manually search for the original log to make sense of the update).

Best Regards,

 Yonatan 

Labels
5 Replies
Amit_Chaubey
Contributor
‎2018-09-15 12:21 PM

Hi Yonatan,

I am deploying R80.10 Checkpoint FW(3 Tie architecture) in AWS. I am using Terraform for resource provisioning and Ansible for config automation. I am looking for the solution to add Ansible config to send log from Checkpoint FW to Splunk server, details are below, 

  • what version of Check Point do you use? R80.10
  • And what version of Splunk server?   Splunk Version7.0.1
  • Is your Splunk environment installed as a single-instance or is it a distributed environment?   : Distributed.
  • Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on? No.

Please suggest on this, if possible please share the example of script should look like.

Thank you, 

Amit Chaubey

Amit_Chaubey
Contributor
‎2018-09-25 03:41 AM

Hi Yonatan,

 

I am deploying R80.10 Checkpoint FW(3 Tie architecture) in AWS. I am using Terraform for resource provisioning and Ansible for config automation. I am looking for the solution to add Ansible config to send log from Checkpoint FW to Splunk server, details are below, 

 

  • what version of Check Point do you use? R80.10
  • And what version of Splunk server?   Splunk Version7.0.1
  • Is your Splunk environment installed as a single-instance or is it a distributed environment?   : Distributed.
  • Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on? No.

 

Please suggest on this, if possible please share the example of script should look like.

 

Thank you, 

 

Amit Chaubey

0 Kudos
Yonatan_Philip
Employee Alumnus
Employee Alumnus
‎2018-09-27 01:29 AM
In response to Amit_Chaubey

Hi Amit, 

Sorry for the late response.

We've basically closed off the EA at this point, but after some internal debate and since we haven't tested this new feature on AWS we decided that this is an interesting use case and will gladly add you to the EA cycle as well. 

Just a small clarification based on your post - the logs will be sent from the gateway to the management/log server and will be forwarded from there to the Splunk server. They are not sent directly from the gateway to Splunk.

If you still wish to participate please contact me offline at (edited as the feature is already GA)

Regards,

 Yonatan 

0 Kudos
DeletedUser
Not applicable
‎2018-11-23 10:11 AM
In response to Yonatan_Philip

In case anyone has missed it, this is GA now. For more information see this discussion: *New* Splunk App for Check Point Logs

David_James1
Explorer
‎2019-09-18 06:54 AM

Hello,  Mr. Yonatan.

Are you still interested in working with customers trying to implement the Check Point App for Splunk in a distributed Splunk Enterprise deployment?

Gaia R80.20

Distributed Splunk 7.2.4

First use of Log Exporter, somewhat new to Checkpoint, Splunk noob.  The only available Checkpoint documentation that I've been able to find for integrating Log Exporter with Splunk appears to be for a standalone Splunk environment.

 

Thanks---David

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events