This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wang
Collaborator
‎2019-10-25 12:04 AM

How do you send CheckPoint log to ELK?

Hello, engineers,How do you send CheckPoint log to ELK?Thank you very much for your support

0 Kudos
6 Replies
Nick_Doropoulos
Advisor
‎2019-10-25 02:45 AM

Hey Wang,

You might want to have a look at the documentation provided by @PhoneBoy  in the link below:

https://community.checkpoint.com/t5/Logging-and-Reporting/Exporting-R80-10-logs-to-Logstash-ElasticS...

I hope this helps.

0 Kudos
Wang
Collaborator
‎2019-10-25 05:33 AM
In response to Nick_Doropoulos

Thank you very much
0 Kudos
Nick_Doropoulos
Advisor
‎2019-10-25 05:34 AM
In response to Wang

No problem at all, if you could accept it as a solution and give a kudos even it would be much appreciated 🙂

PhoneBoy
Admin
Admin
‎2019-10-25 08:40 AM
In response to Nick_Doropoulos

The problem with this thread is it's still being done with LEA.
Really, you should be using Log Exporter to do this.
I presume ELK can take logs over syslog?
Whether it can parse them is a different story.
Wang
Collaborator
‎2019-10-28 11:28 PM
In response to PhoneBoy

Thank you
0 Kudos
FedericoMeiners
Advisor
‎2019-10-25 12:19 PM

Log Exporter works like a charm to send logs to ELK, I used syslog in one of our customers.

As PhoneBoy said, true challenge is on the parsing side. I suggest you to look the new SIEM feature from the ELK team, maybe it has some nive out of the box parsers.

____________
https://www.linkedin.com/in/federicomeiners/

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top