R80 doesn't have APIs that can read logs.
This is on our to-do list for a future release.
Does Check Point support an open and standard API to export internal logs and security events to a SIEM?
A number of third party SIEMs support pulling logs from Check Point management devices.
It is done through the Log Export API (LEA), which is part of the OPSEC SDK.
fw1-loggrabber is an open source tool that pulls logs from Check Point devices.
Yes, we do today in R80.40 with the latest JHF and with R81. Check out https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v1.6.1%20
Will the API ever support grabbing logs by specific position, similar to how it was done with the OPSEC LEA... position as in the epoch value tracked by fw.logtrack?
Currently the API only supports custom-start and custom-end with ISO8601 format, which isn't very helpful when you want to write code making it impossible to miss a single log or avoid creating duplicates.
Maybe I'm missing something??
The logs API as it exists today is more about pulling specific logs versus streaming, which is what OPSEC LEA does.
Perhaps in the future we will have a different endpoint for streaming the logs beyond using Log Exporter.
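An added example, not part of the original thread and not Check Point code: one way a collector can work with a start/end time-window query like the one discussed above is to overlap consecutive windows and drop repeats by content hash. `WindowedPoller`, `fetch` and the sample records are hypothetical; `fetch` is a local stand-in and makes no API call.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

def iso(ts):
    return ts.strftime("%Y-%m-%dT%H:%M:%SZ")

def fingerprint(record):
    # Content hash as the dedup key. Caveat: two records identical in every
    # field collapse into one.
    blob = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

class WindowedPoller:
    def __init__(self, fetch, start, overlap):
        self.fetch = fetch      # hypothetical callable(start_iso, end_iso) -> list of dicts
        self.cursor = start     # end of the previous window
        self.overlap = overlap  # must exceed the worst-case indexing delay (assumption)
        self.seen = {}          # fingerprint -> poll time when first seen

    def poll(self, now):
        win_start = self.cursor - self.overlap
        fresh = []
        for rec in self.fetch(iso(win_start), iso(now)):
            fp = fingerprint(rec)
            if fp not in self.seen:
                self.seen[fp] = now
                fresh.append(rec)
        # Prune entries first seen before this window began; assumes log
        # timestamps are never later than the poll that returned them.
        self.seen = {fp: t for fp, t in self.seen.items() if t >= win_start}
        self.cursor = now
        return fresh

def demo(overlap_seconds):
    t0 = datetime(2021, 1, 1, 10, 0, 0, tzinfo=timezone.utc)
    at = lambda s: iso(t0 + timedelta(seconds=s))
    # Constructed records: (log, time it becomes queryable). The second is indexed late.
    store = [({"time": at(10), "action": "Drop"}, at(11)),
             ({"time": at(58), "action": "Accept"}, at(65)),
             ({"time": at(90), "action": "Drop"}, at(91))]
    clock = {}
    def fetch(start_iso, end_iso):  # stand-in backend, not a real API call
        return [log for log, visible in store
                if start_iso <= log["time"] <= end_iso and visible <= clock["now"]]
    poller = WindowedPoller(fetch, t0, timedelta(seconds=overlap_seconds))
    counts = []
    for s in (60, 120, 180):
        clock["now"] = at(s)
        counts.append(len(poller.poll(t0 + timedelta(seconds=s))))
    return counts
```

With a 30-second overlap the late-indexed record is picked up on the second poll and the record on the window boundary is not emitted twice; with no overlap the late record is lost.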