LostBoY
Advisor

Geolocation details in Check Point Syslogs

I have integrated Check Point R80.40 with an SIEM tool via log exporter configuration.

The SIEM team is looking for geolocation information from these syslogs. Is it possible to get this information from syslogs?

7 Replies
Chris_Atkinson
Employee

Are you using geo objects in your access policy?

Search for src_country / dst_country in sk144192 to understand the mappings.

LostBoY
Advisor

Thanks for the reply. No, I am not using geo objects, but I was wondering if any location information can be filtered from syslogs, like in SmartConsole logs, where we can see a location flag against source and destination IPs.

the_rock
Champion

I am not a SIEM guy by any means, but from what I know, I don't believe you can do it that way, though I could ask one of my colleagues, as I know he did something even better for a customer.

the_rock
Champion

I emailed my colleague your question, so will see what he says.

LostBoY
Advisor

Thanks 🙂

the_rock
Champion

Well, don't thank me yet :-). I did ask, but let's see if I get the answer... If this is something he put lots of work into, I can't guarantee he can share it, but I will let you know either way.

Cheers.

the_rock
Champion

Hey @LostBoY. This is a response I got from my colleague to your initial question:

"You can only get external IP and then the SIEM should have the capability to map the IP to country and city name etc. Usually SIEM tools are equipped with GEOIP databases and lookups. Syslog will include only external IPs."
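
Added example, not part of the thread or of any Check Point or SIEM product: a sketch of the SIEM-side enrichment the last reply describes, which keeps `src_country` / `dst_country` when the event already carries them and otherwise looks up the `src` / `dst` IP. The key="value" event layout, the sample lines, the lookup table and the function names are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed table on RFC 5737 documentation ranges; a real SIEM would
# query its own GeoIP database here instead.
GEO_TABLE = {
    ipaddress.ip_network("198.51.100.0/24"): "Country-A",
    ipaddress.ip_network("203.0.113.0/24"): "Country-B",
}
# RFC 1918 ranges: internal hosts have no meaningful geolocation.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events in an assumed key="value" layout.
SAMPLE_LOGS = [
    'action="Accept" src="10.1.2.3" dst="203.0.113.10" service="443"',
    'action="Drop" src="198.51.100.7" dst="10.1.2.3" src_country="Country-X"',
]

KV_PAIR = re.compile(r'(\w+)="([^"]*)"')


def lookup_country(ip_text):
    """Return a country label for an external IP, or None if unknown/internal."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # malformed address in the log field
    if any(ip in net for net in INTERNAL_NETS):
        return None
    for net, country in GEO_TABLE.items():
        if ip in net:
            return country
    return None


def enrich(line):
    """Parse one event and add src_country/dst_country where missing."""
    event = dict(KV_PAIR.findall(line))
    for side in ("src", "dst"):
        key = side + "_country"
        if key in event or side not in event:
            continue  # keep a value the gateway already exported
        country = lookup_country(event[side])
        if country:
            event[key] = country
    return event
```

Internal and unmapped addresses are left without a country field, so downstream searches can tell "not looked up" apart from a real location.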