https://community.checkpoint.com/t5/General-Topics/What-log-events-can-CheckPoint-Blades-produce/m-p/12747#M2073 <HTML><HEAD></HEAD><BODY><P>As part of our corporate security monitoring initiatives we need to review all the possible log messages that can be produced by the platform across all the main blades e.g. VPN, IPS, URL Filtering, FW, Application Control etc. We currently feed all events in to our own SIEM and SOC and we require information of all possible events that can be produced by the Checkpoint Platform to the level of detail such as that from vendors like Cisco e.g. <A href="https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html">https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html</A></P><P></P><P>Many thanks,</P><P></P><P>Roland</P></BODY></HTML> Fri, 17 Nov 2017 16:02:43 GMT Roland_Eschenbu 2017-11-17T16:02:43Z https://community.checkpoint.com/t5/General-Topics/What-log-events-can-CheckPoint-Blades-produce/m-p/12747#M2073 <HTML><HEAD></HEAD><BODY><P>As part of our corporate security monitoring initiatives we need to review all the possible log messages that can be produced by the platform across all the main blades e.g. VPN, IPS, URL Filtering, FW, Application Control etc. We currently feed all events in to our own SIEM and SOC and we require information of all possible events that can be produced by the Checkpoint Platform to the level of detail such as that from vendors like Cisco e.g. <A href="https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html">https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog.html</A></P><P></P><P>Many thanks,</P><P></P><P>Roland</P></BODY></HTML> Fri, 17 Nov 2017 16:02:43 GMT https://community.checkpoint.com/t5/General-Topics/What-log-events-can-CheckPoint-Blades-produce/m-p/12747#M2073 Roland_Eschenbu 2017-11-17T16:02:43Z https://community.checkpoint.com/t5/General-Topics/What-log-events-can-CheckPoint-Blades-produce/m-p/12748#M2074 <HTML><HEAD></HEAD><BODY><P>There are a couple of different types of log messages:</P><UL><LI>Syslog from the OS:&nbsp;<A class="link-titled" href="http://downloads.checkpoint.com/dc/download.htm?ID=24459" title="http://downloads.checkpoint.com/dc/download.htm?ID=24459" rel="nofollow noopener noreferrer" target="_blank">Check Point Gaia Syslog Messages Reference Guide</A>&nbsp;</LI><LI>The security logs: These are typically imported via LEA.&nbsp;Much of the&nbsp;information we make available via LEA is here: <A href="https://community.checkpoint.com/docs/DOC-2186" target="_blank">LEA Fields</A>‌</LI></UL><P></P><P>I don't believe we have a consolidated list of every message that can appear.</P><P>I know the LEA document is out of date (it's from 2014).</P><P>I believe this is being addressed as part of the LogOut project mentioned here:&nbsp;<A href="https://community.checkpoint.com/message/7996-re-is-there-a-document-that-list-all-the-possible-values-for-the-action-column-that-i-can-have-in-the-log-for-every-different-blade" target="_blank">https://community.checkpoint.com/message/7996-re-is-there-a-document-that-list-all-the-possible-values-for-the-action-column-that-i-can-have-in-the-log-for-every-different-blade</A>&nbsp;</P></BODY></HTML> Fri, 21 Jun 2019 09:03:05 GMT https://community.checkpoint.com/t5/General-Topics/What-log-events-can-CheckPoint-Blades-produce/m-p/12748#M2074 PhoneBoy 2019-06-21T09:03:05Z