Verac
Participant

Exclude networks from log export

Hello all.

 

I'm trying to trim up logs being sent from the Checkpoint to our SIEM. I have a log_export set up to forward everything to it currently.

I have a series of Public Wifi networks that I'd rather not send the logs for.

 

Is it possible to exclude all these networks (I have a series of CIDRs and a supernet) from the log_export?

 

Running R81 on the management server.

 

Any help is appreciated!

4 Replies
the_rock
Authority

That's actually an excellent question. Let me check with my colleague, who is a SIEM guru, and see what he says. I will update the thread once I hear back.

0 Kudos
the_rock
Authority

Hi,

My colleague got back to me and he does not believe you can do so on the CP side, but you can on the SIEM using filters. I did find the below in a CP article; not sure if it's helpful, but you may need to confirm with TAC.

cp_log_export

0 Kudos
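An added example, not part of the thread and not Check Point's or any SIEM vendor's own filter: a small Python filter of the kind the reply describes, dropping records from excluded networks before they are indexed. The `src=`/`dst=` key=value layout, the CIDR ranges and the sample lines are all constructed assumptions; adjust the field pattern to the format your exporter actually emits.

```python
import ipaddress
import re

# Constructed placeholder ranges standing in for the public Wi-Fi CIDRs and supernet.
EXCLUDED_CIDRS = ["10.50.0.0/16", "10.50.4.0/24", "192.0.2.0/24",
                  "198.51.100.0/25", "198.51.100.128/25"]

# Assumption: records arrive as key=value text with src= and dst= address fields.
ADDR_FIELD = re.compile(r'\b(src|dst)="?([0-9A-Fa-f:.]+)"?')

def build_excluded(cidrs):
    """Parse CIDRs and merge overlapping or adjacent ranges, per IP version."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def should_forward(line, excluded, match_fields=("src",)):
    """Return False only when a matched field's address is in an excluded network."""
    for name, value in ADDR_FIELD.findall(line):
        if name not in match_fields:
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            continue  # unparseable value: keep the record rather than lose it
        if any(addr.version == net.version and addr in net for net in excluded):
            return False
    return True  # no src field, or src outside the excluded ranges

def filter_lines(lines, excluded, match_fields=("src",)):
    return [ln for ln in lines if should_forward(ln, excluded, match_fields)]

# Constructed sample records (not real exporter output).
SAMPLE_LINES = [
    'time=1700000000 action=Accept src=10.50.4.23 dst=203.0.113.10 service=443',
    'time=1700000001 action=Drop src=172.16.1.5 dst=10.50.4.23 service=22',
    'time=1700000002 action=Accept src="198.51.100.200" dst=203.0.113.10',
    'time=1700000003 action=Log origin=gw1 product=VPN-1',
]

if __name__ == "__main__":
    for kept in filter_lines(SAMPLE_LINES, build_excluded(EXCLUDED_CIDRS)):
        print(kept)
```

By default only the source address is matched, so a record of another host connecting into the excluded networks is still forwarded; pass `match_fields=("src", "dst")` to drop on either endpoint.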
Verac
Participant

Thanks! That is what I was afraid of.  I check back in periodically to see if the filtering has been improved any.

the_rock
Authority

Yeah, sorry about that... but it might be worth checking with TAC, just so you get official confirmation.

0 Kudos