https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12794#M93788 <HTML><HEAD></HEAD><BODY><P>Hello Everyone,</P><P></P><P>We are currently in advanced stages of developing a Log Exporter update that will add CIM support.</P><P>This will give us better Splunk integration for CIM oriented apps and dashboards (e.g. Splunk Enterprise Security).</P><P>&nbsp;</P><P>We are currently looking for customers who wish to test this new feature (in either their lab or production) and share their feedback with us.</P><P></P><P>&nbsp;</P><P>I would also really appreciate if in your email you could also add the following details:</P><UL><LI>what version of Check Point do you use? And what version of Splunk server?</LI><LI>Is your Splunk environment installed as a single-instance or is it a distributed environment?</LI><LI>Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on?</LI></UL><P>&nbsp;<SPAN style="color: #1f497d;">&nbsp; &nbsp; &nbsp;&nbsp;</SPAN></P><P>The new update will also enable the Log Exporter to work in a semi-unified mode.</P><P>For those who are unfamiliar with this setting, it means that updates are unified with their original log before they are exported. This makes the information in the update log complete and makes the update log itself more readable (in raw mode you had to manually search for the original log to make sense of the update).</P><P></P><P>Best Regards,</P><P>&nbsp;Yonatan&nbsp;</P></BODY></HTML> Wed, 25 Jul 2018 16:01:25 GMT Yonatan_Philip 2018-07-25T16:01:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12794#M93788 <HTML><HEAD></HEAD><BODY><P>Hello Everyone,</P><P></P><P>We are currently in advanced stages of developing a Log Exporter update that will add CIM support.</P><P>This will give us better Splunk integration for CIM oriented apps and dashboards (e.g. Splunk Enterprise Security).</P><P>&nbsp;</P><P>We are currently looking for customers who wish to test this new feature (in either their lab or production) and share their feedback with us.</P><P></P><P>&nbsp;</P><P>I would also really appreciate if in your email you could also add the following details:</P><UL><LI>what version of Check Point do you use? And what version of Splunk server?</LI><LI>Is your Splunk environment installed as a single-instance or is it a distributed environment?</LI><LI>Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on?</LI></UL><P>&nbsp;<SPAN style="color: #1f497d;">&nbsp; &nbsp; &nbsp;&nbsp;</SPAN></P><P>The new update will also enable the Log Exporter to work in a semi-unified mode.</P><P>For those who are unfamiliar with this setting, it means that updates are unified with their original log before they are exported. This makes the information in the update log complete and makes the update log itself more readable (in raw mode you had to manually search for the original log to make sense of the update).</P><P></P><P>Best Regards,</P><P>&nbsp;Yonatan&nbsp;</P></BODY></HTML> Wed, 25 Jul 2018 16:01:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12794#M93788 Yonatan_Philip 2018-07-25T16:01:25Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12795#M93789 <HTML><HEAD></HEAD><BODY><P>Hi Yonatan,</P><P></P><P>I am deploying&nbsp;R80.10 Checkpoint&nbsp;FW(3 Tie architecture) in AWS. I am using Terraform for resource provisioning and Ansible for config automation. I am looking for the solution to add Ansible config to send log from Checkpoint FW to Splunk server, details are below,&nbsp;</P><P></P><UL style="color: #333333; background-color: #ffffff; border: 0px; padding: 0px 0px 0px 30px;"><LI style="border: 0px; font-weight: inherit; margin: 0.5ex 0px;">what version of Check Point do you use? R80.10</LI><LI style="border: 0px; font-weight: inherit; margin: 0.5ex 0px;">And what version of Splunk server?&nbsp; &nbsp;Splunk Version7.0.1</LI><LI style="border: 0px; font-weight: inherit; margin: 0.5ex 0px;">Is your Splunk environment installed as a single-instance or is it a distributed environment?&nbsp; &nbsp;: Distributed.</LI><LI style="border: 0px; font-weight: inherit; margin: 0.5ex 0px;">Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on? No.</LI></UL><P></P><P>Please suggest on this, if possible please&nbsp;share the example of script should look like.</P><P></P><P>Thank you,&nbsp;</P><P></P><P>Amit Chaubey</P></BODY></HTML> Sat, 15 Sep 2018 19:21:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12795#M93789 Amit_Chaubey 2018-09-15T19:21:44Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12796#M93790 <HTML><HEAD></HEAD><BODY><P style="color: #333333; background-color: #ffffff; border: 0px;">Hi Yonatan,</P><P style="color: #333333; background-color: #ffffff; border: 0px;">&nbsp;</P><P style="color: #333333; background-color: #ffffff; border: 0px;">I am deploying&nbsp;R80.10 Checkpoint&nbsp;FW(3 Tie architecture) in AWS. I am using Terraform for resource provisioning and Ansible for config automation. I am looking for the solution to add Ansible config to send log from Checkpoint FW to Splunk server, details are below,&nbsp;</P><P style="color: #333333; background-color: #ffffff; border: 0px;">&nbsp;</P><UL style="color: #333333; background-color: #ffffff; border: 0px; padding: 0px 0px 0px 30px;"><LI style="border: 0px; font-weight: inherit; margin: 0.5ex 0px;">what version of Check Point do you use? R80.10</LI><LI style="border: 0px; font-weight: inherit; margin: 0.5ex 0px;">And what version of Splunk server?&nbsp; &nbsp;Splunk Version7.0.1</LI><LI style="border: 0px; font-weight: inherit; margin: 0.5ex 0px;">Is your Splunk environment installed as a single-instance or is it a distributed environment?&nbsp; &nbsp;: Distributed.</LI><LI style="border: 0px; font-weight: inherit; margin: 0.5ex 0px;">Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on? No.</LI></UL><P style="color: #333333; background-color: #ffffff; border: 0px;">&nbsp;</P><P style="color: #333333; background-color: #ffffff; border: 0px;">Please suggest on this, if possible please&nbsp;share the example of script should look like.</P><P style="color: #333333; background-color: #ffffff; border: 0px;">&nbsp;</P><P style="color: #333333; background-color: #ffffff; border: 0px;">Thank you,&nbsp;</P><P style="color: #333333; background-color: #ffffff; border: 0px;">&nbsp;</P><P style="color: #333333; background-color: #ffffff; border: 0px;">Amit Chaubey</P></BODY></HTML> Tue, 25 Sep 2018 10:41:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12796#M93790 Amit_Chaubey 2018-09-25T10:41:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12797#M93791 <HTML><HEAD></HEAD><BODY><P>Hi Amit,&nbsp;</P><P></P><P>Sorry for the late response.</P><P>We've basically closed off the EA at this point, but after some internal debate and since we haven't tested this new feature on AWS we decided that this is an interesting use case and will gladly add you to the EA cycle as well.&nbsp;</P><P>Just a small clarification based on your post - the logs will be sent from the gateway to the management/log server and will be forwarded from there to the Splunk server. They are not sent directly from the gateway to Splunk.</P><P></P><P>If you still wish to participate please contact me offline at (edited as the feature is already GA)</P><P></P><P>Regards,</P><P>&nbsp;Yonatan&nbsp;</P></BODY></HTML> Thu, 27 Sep 2018 08:29:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12797#M93791 Yonatan_Philip 2018-09-27T08:29:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12798#M93792 <HTML><HEAD></HEAD><BODY><P>In case anyone has missed it, this is GA now. For more information see this discussion:&nbsp;<A href="https://community.checkpoint.com/thread/10286">*New* Splunk App for Check Point Logs</A>.&nbsp;</P></BODY></HTML> Fri, 23 Nov 2018 18:11:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/12798#M93792 DeletedUser 2018-11-23T18:11:10Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/63057#M93793 <P>Hello,&nbsp; Mr.&nbsp;<SPAN>Yonatan.</SPAN></P><P><SPAN>Are you still interested in working with customers trying to implement the Check Point App for Splunk in a distributed Splunk Enterprise deployment?</SPAN></P><P><SPAN>Gaia R80.20</SPAN></P><P><SPAN>Distributed Splunk 7.2.4</SPAN></P><P><SPAN>First use of Log Exporter, somewhat new to Checkpoint, Splunk noob.&nbsp; The only available Checkpoint documentation that I've been able to find for integrating Log Exporter with Splunk appears to be for a standalone Splunk environment.</SPAN></P><P>&nbsp;</P><P>Thanks---David</P> Wed, 18 Sep 2019 13:54:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Log-Exporter-Splunk-Integration-Update/m-p/63057#M93793 David_James1 2019-09-18T13:54:42Z