https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137409#M24530 <P>Well, dont thank me yet :-). I did ask, but lets see if I get the answer...if this is something he put lots of work into, I cant guarantee he can share it, but I will let you know either way.</P> <P>Cheers.</P> Wed, 29 Dec 2021 19:02:14 GMT the_rock 2021-12-29T19:02:14Z https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137354#M24522 <P>I have integrated Checkpoint R80.40 with an SIEM tool via log exporter configuration.</P><P>SIEM teams is looking for Geo Location information from these syslogs..is it possible to get this information from syslogs ?</P> Wed, 29 Dec 2021 12:05:51 GMT https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137354#M24522 LostBoY 2021-12-29T12:05:51Z https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137357#M24523 <P>Are you using geo objects in your access policy?</P> <P><SPAN style="font-family: inherit; background-color: #ffffff;">Search for src_country / dst_country in&nbsp;</SPAN><SPAN style="font-family: inherit; background-color: #ffffff;">sk144192 to understand the mappings.</SPAN></P> Wed, 29 Dec 2021 12:39:24 GMT https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137357#M24523 Chris_Atkinson 2021-12-29T12:39:24Z https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137362#M24524 <P>Thanks for the reply.. no i am not using geo objects but i was wondering if any location information can be filtered from syslogs ..like in smartconsole logs we can see a location flag against source and destination IPs</P> Wed, 29 Dec 2021 13:37:51 GMT https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137362#M24524 LostBoY 2021-12-29T13:37:51Z https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137367#M24526 <P>I am not SIEM guy by any means, but from what I know, dont believe you can do it that way, though I could ask one of my colleagues, as I know he did something even better for a customer.</P> Wed, 29 Dec 2021 15:20:22 GMT https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137367#M24526 the_rock 2021-12-29T15:20:22Z https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137390#M24528 <P>I emailed my colleague your question, so will see what he says.</P> Wed, 29 Dec 2021 16:07:59 GMT https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137390#M24528 the_rock 2021-12-29T16:07:59Z https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137407#M24529 <P>Thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 29 Dec 2021 18:46:46 GMT https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137407#M24529 LostBoY 2021-12-29T18:46:46Z https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137409#M24530 <P>Well, dont thank me yet :-). I did ask, but lets see if I get the answer...if this is something he put lots of work into, I cant guarantee he can share it, but I will let you know either way.</P> <P>Cheers.</P> Wed, 29 Dec 2021 19:02:14 GMT https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137409#M24530 the_rock 2021-12-29T19:02:14Z https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137494#M24548 <P>Hey&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/8988">@LostBoY</a>&nbsp;. This is a response I got from my colleague to your initial question:</P> <P>"You can only get external IP and then the SIEM should have the capability to map the IP to country and city name etc. Usually SIEM tools are equipped with GEOIP databases and lookups. Syslog will include only external IPs"</P> Fri, 31 Dec 2021 02:18:33 GMT https://community.checkpoint.com/t5/General-Topics/Geolocation-details-in-Checkpoint-Syslogs/m-p/137494#M24548 the_rock 2021-12-31T02:18:33Z