This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LostBoY
Advisor
‎2021-12-29 04:05 AM

Geolocation details in Checkpoint Syslogs

I have integrated Checkpoint R80.40 with an SIEM tool via log exporter configuration.

SIEM teams is looking for Geo Location information from these syslogs..is it possible to get this information from syslogs ?

7 Replies
Chris_Atkinson
Employee
Employee
‎2021-12-29 04:38 AM

Are you using geo objects in your access policy?

Search for src_country / dst_country in sk144192 to understand the mappings.

LostBoY
Advisor
‎2021-12-29 05:37 AM
In response to Chris_Atkinson

Thanks for the reply.. no i am not using geo objects but i was wondering if any location information can be filtered from syslogs ..like in smartconsole logs we can see a location flag against source and destination IPs

0 Kudos
the_rock
Champion
Champion
‎2021-12-29 07:20 AM
In response to LostBoY

I am not SIEM guy by any means, but from what I know, dont believe you can do it that way, though I could ask one of my colleagues, as I know he did something even better for a customer.

the_rock
Champion
Champion
‎2021-12-29 08:07 AM
In response to LostBoY

I emailed my colleague your question, so will see what he says.

LostBoY
Advisor
‎2021-12-29 10:46 AM
In response to the_rock

Thanks 🙂

0 Kudos
the_rock
Champion
Champion
‎2021-12-29 11:02 AM
In response to LostBoY

Well, dont thank me yet :-). I did ask, but lets see if I get the answer...if this is something he put lots of work into, I cant guarantee he can share it, but I will let you know either way.

Cheers.

0 Kudos
the_rock
Champion
Champion
‎2021-12-30 06:18 PM
In response to LostBoY

Hey @LostBoY . This is a response I got from my colleague to your initial question:

"You can only get external IP and then the SIEM should have the capability to map the IP to country and city name etc. Usually SIEM tools are equipped with GEOIP databases and lookups. Syslog will include only external IPs"

Labels