https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/201317#M37851 <P>Hi,</P><P>Thanks for your answer, but since from the gateways I can send syslog messages directly to other syslog servers apart the manager I imagined I could send them directly in CEF format.</P><P>One further question if you can help.</P><P>I managed to configure the manager to send in CEF format, mas the amount of information is huge, and I dont see no changes either I configure it to send all messages or just emergency.</P><P>Is there a way to configure the CEF level of messages?</P><P>Regards</P> Thu, 21 Dec 2023 15:31:55 GMT CarlosDias 2023-12-21T15:31:55Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132678#M19679 <PRE><SPAN class="">hello, is it possible to export logs from / var / log / messages in cef format to siem system? It is known that it is not possible to do it through cp_log_export, and with sk102995 there is no way to change the format to cef.</SPAN></PRE> Wed, 27 Oct 2021 06:44:26 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132678#M19679 Arturxr 2021-10-27T06:44:26Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132681#M19680 <P>See&nbsp;<A class="cp_link sc_ellipsis" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk122323&amp;partition=Basic&amp;product=SmartEvent" target="_blank">sk122323: Log Exporter - Check Point Log Export</A>&nbsp;:</P> <P><STRONG>Formats:</STRONG><SPAN> Syslog, Splunk, CEF, LEEF, Generic, JSON, LogRhythm, RSA</SPAN></P> <P><SPAN><STRONG><CODE>cp_log_export add name &lt;<EM>Name</EM>&gt; [domain-server &lt;<EM>Name or IP address of Domain Server</EM>&gt;] target-server &lt;<EM>HostName or IP address of Target Server</EM>&gt; target-port &lt;<EM>Port on Target Server</EM>&gt; protocol {udp | tcp} format {syslog | splunk |&nbsp;cef | leef | generic | json | logrhythm | rsa}</CODE></STRONG></SPAN></P> Wed, 27 Oct 2021 07:04:20 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132681#M19680 G_W_Albrecht 2021-10-27T07:04:20Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132682#M19681 <P><SPAN>Hello, I looked at this sk, there is no way to export specifically / var / log / messages, the manufacturer says the same</SPAN></P> Wed, 27 Oct 2021 07:08:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132682#M19681 Arturxr 2021-10-27T07:08:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132692#M19687 <P>Look into this discussion about getting logs from&nbsp;<SPAN>security gateway (not traffic related logs, but for example, /var/log/messages) from syslog:</SPAN></P> <P><A href="https://community.checkpoint.com/t5/General-Topics/Syslog-messages-from-the-Security-Gateway/td-p/31766" target="_blank">https://community.checkpoint.com/t5/General-Topics/Syslog-messages-from-the-Security-Gateway/td-p/31766</A></P> <P>&nbsp;</P> Wed, 27 Oct 2021 08:36:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132692#M19687 G_W_Albrecht 2021-10-27T08:36:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132712#M19692 <P>Log Exporter can export Security Logs (not from /var/log/messages) in CEF format.<BR />You can send OS logs to the Security Logs as&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/21294">@G_W_Albrecht</a>&nbsp;mentions, which can then be exported as CEF.<BR />However, I suspect the result of that may not be what you’re after.</P> Wed, 27 Oct 2021 13:56:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/132712#M19692 PhoneBoy 2021-10-27T13:56:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/201273#M37844 <P>Hi,</P><P>I am running R81.10 JHF 110 and only see this command on the Manager.</P><P>What about the Gateways?</P><P>Regards</P> Thu, 21 Dec 2023 11:39:40 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/201273#M37844 CarlosDias 2023-12-21T11:39:40Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/201297#M37848 <P>Firewall logs are sent to the manager or log host. Therefore this command is mangement/logserver only.</P> Thu, 21 Dec 2023 13:32:59 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/201297#M37848 Vincent_Bacher 2023-12-21T13:32:59Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/201317#M37851 <P>Hi,</P><P>Thanks for your answer, but since from the gateways I can send syslog messages directly to other syslog servers apart the manager I imagined I could send them directly in CEF format.</P><P>One further question if you can help.</P><P>I managed to configure the manager to send in CEF format, mas the amount of information is huge, and I dont see no changes either I configure it to send all messages or just emergency.</P><P>Is there a way to configure the CEF level of messages?</P><P>Regards</P> Thu, 21 Dec 2023 15:31:55 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Export-logs-from-var-log-messages-in-cef-format/m-p/201317#M37851 CarlosDias 2023-12-21T15:31:55Z