This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Oscar_Bernat
Explorer
‎2021-01-22 08:09 AM
Jump to solution

Is there any API endpoint to retrieve or query raw logs (also suppressed logs)

 
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-01-25 12:15 AM
In response to Oscar_Bernat
Jump to solution

As I just posted in your other thread, suppressed logs are suppressed from being written anywhere.
Which means the logs simply don't exist, no matter how you might want to acquire them.
If you need those logs, you have to disable log suppression. 

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-01-22 09:28 AM
Jump to solution

R80.40 JHF and R81, yes.
https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.7
If you want all logs, you’re better off using something like Log Exporter.

0 Kudos
Oscar_Bernat
Explorer
‎2021-01-25 12:04 AM
In response to PhoneBoy
Jump to solution

We have been working with the show-logs API endpoint but suppressed logs are not accessible.

Do you mean that using the log exporter we can export all logs, even suppressed logs?

We integrated the logs with Splunk without luck, the suppressed logs are not being forwarded.

We have followed this integration document https://sc1.checkpoint.com/documents/App_for_Splunk/html_frameset.htm?topic=documents/App_for_Splunk...

Can the SIEM integration be changed to forward raw logs (also suppressed logs)?

Thanks!

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-01-25 12:15 AM
In response to Oscar_Bernat
Jump to solution

As I just posted in your other thread, suppressed logs are suppressed from being written anywhere.
Which means the logs simply don't exist, no matter how you might want to acquire them.
If you need those logs, you have to disable log suppression. 

0 Kudos
Oscar_Bernat
Explorer
‎2021-01-28 11:56 PM
In response to PhoneBoy
Jump to solution

Thanks a lot!!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events