Verac
Participant

Exclude networks from log export

Hello all.

I'm trying to trim up logs being sent from the Check Point to our SIEM. I have a log_export set up to forward everything to it currently.

I have a series of Public Wifi networks that I'd rather not send the logs for.

Is it possible to exclude all these networks (I have a series of CIDRs and a supernet) from the log_export?

Running R81 on the management server.

Any help is appreciated!

4 Replies
the_rock
MVP Gold

That's actually an excellent question. Let me check with my colleague, who is a SIEM guru, and see what he says. I will update the thread once I hear back.

0 Kudos
the_rock
MVP Gold

Hi,

My colleague got back to me and he does not believe you can do so on the CP side, but you can on the SIEM using filters. I did find the below in a CP article; not sure if it's helpful, but you may need to confirm with TAC.

cp_log_export

0 Kudos
Verac
Participant

Thanks! That is what I was afraid of. I check back in periodically to see if the filtering has been improved any.

the_rock
MVP Gold

Yeah, sorry about that... but it might be worth checking with TAC, just so you get official confirmation.

0 Kudos
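The SIEM-side filtering suggested in the replies, sketched as a pre-ingest filter that drops records sourced from a set of CIDRs and a supernet. This is an added example, not code from the thread or from Check Point: the key=value log lines, the `src` field name, the address ranges, and the choice to match on source only are all constructed assumptions.

```python
import ipaddress
import re

# Constructed placeholder ranges standing in for the guest Wi-Fi CIDRs and supernet.
# collapse_addresses() merges adjacent CIDRs and drops ones already covered by a supernet.
EXCLUDED = list(ipaddress.collapse_addresses(
    ipaddress.ip_network(n)
    for n in ("10.50.0.0/16", "10.50.4.0/24", "192.0.2.0/25", "192.0.2.128/25")
))

# Matches key=value and key="quoted value" pairs (assumed export format).
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key/value pairs of one log line as a dict."""
    return {k: q or b for k, q, b in FIELD_RE.findall(line)}


def is_excluded(value):
    """True only when value is a valid IP inside an excluded network."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False  # missing or malformed address: keep the record
    return any(addr in net for net in EXCLUDED)


def filter_lines(lines):
    """Keep every record whose source is not in an excluded network.

    Assumption: only the source is matched, so traffic from other
    segments *to* the guest networks still reaches the SIEM.
    """
    return [ln for ln in lines if not is_excluded(parse_fields(ln).get("src", ""))]


# Constructed sample records, not real cp_log_export output.
SAMPLE = [
    'time=1700000000 action="Accept" src=10.50.4.23 dst=203.0.113.10 service=443',
    'time=1700000001 action="Drop" src=172.16.1.5 dst=10.50.9.9 service=22',
    'time=1700000002 action="Accept" src=192.0.2.200 dst=198.51.100.7 service=53',
    'time=1700000003 action="Accept" src=not-an-ip dst=198.51.100.7 service=80',
]

if __name__ == "__main__":
    for kept in filter_lines(SAMPLE):
        print(kept)
```

Records with an unparseable source are forwarded rather than dropped, so a parsing problem never silently removes events from the SIEM.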
