This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
asher
Contributor
‎2020-12-07 03:14 AM

CP_LOG_EXPORTER - export only spesific fields and add quots to fields

Hi all

 

i working and testing the cp_log_exporter tool,

i create a syslog target server with format LEEF for the example.

i want to:

1. add quots to all fields 

2. export only spesific fields and not all

 

i edit the leef file configuration and i managed add quots to values but not to fields:

<ExportLogFormat>
<start_message_body>{</start_message_body>
<end_message_body>}</end_message_body>
<message_separator>&#10;</message_separator> <!-- &#10;=='\n' -->
<value_encapsulation_start>&quot;</value_encapsulation_start>
<value_encapsulation_end>&quot;</value_encapsulation_end>
<fields_separatator>;</fields_separatator> <!-- &#09;=='\t' -->
<field_value_separatator> = </field_value_separatator>
<escape_chars>

part off the syslog output:

method:"GET" sev:"Unknown" sev:"Low"

you can see that only valus get quots .

 

also i want to export only spesifics fields and not all log,

which file i need to edit ?

 

 

 

 

0 Kudos
3 Replies
Rohit_Raut
Participant
‎2020-12-07 04:06 AM

Hi,

To export only specific fields you can edit /opt/CPrt-R80.40/log_exporter/targets/<name>/conf/fieldsMapping.xml file or create your own fields mapping file and call it to /opt/CPrt-R80.40/log_exporter/targets/Syslog/targetConfiguration.xml file. You have to provide path of the file at mapping configuration. Below snapshot FYR.

log export.PNG

0 Kudos
asher
Contributor
‎2020-12-07 11:22 PM
In response to Rohit_Raut

do you have an example for  fields mapping file?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top