Hi,
We have configured a syslog server on R81.10. The logs are being forwarded but do not have an action in them. The destination is a RHEL server with a syslog agent running.
Can you please let me know what needs to be checked here?
Any pointers appreciated.
CEF:0|Check Point|SmartDefense|Check Point|IPS|SIPVicious Security Scanner|High|cp_severity=High cs2Label=Protection ID cs2=asm_dynamic_prop_SC_SIPVICIOUS cs3Label=Protection Type cs3=IPS cs4Label=Protection Name cs4=SIPVicious Security Scanner deviceDirection=2 flexNumber1Label=Confidence flexNumber1=9 flexNumber2Label=Performance Impact flexNumber2=8 flexString2Label=Attack Information flexString2=SIPVicious Security Scanner msg=Scanner Enforcement Violation rt=1680679718000 loguid={0x9fsdf6ec6,0xdsfdb,0xf8cfcb06,0xbsdf99} origin=132.6.99.180 originsicname=CN\=CHN-New-CP-DW-3,O\=PU-MEZ-CHKPTMGMT-01.napesorg.com.qibhes sequencenum=8842 version=3 description_url=SC_SIPVICIOUS_help.html dst=192.168.2.1 product=SmartDefense smartdefense_profile=Optimized src=81.14.123.112
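
A receiver-side check for the situation described in the post, as an added example that is not part of the original post: it parses a CEF record and reports whether the action is present, assuming the action would arrive under the standard CEF extension key `act`. The sample records are constructed (shortened from the one above, with placeholder addresses and hostnames), and `parse_cef` and `missing_keys` are hypothetical helper names.

```python
import re

# Constructed sample, shortened from the record in the post (documentation
# addresses and placeholder hostnames). Like the original, it has no act= key.
SAMPLE_NO_ACTION = (
    "CEF:0|Check Point|SmartDefense|Check Point|IPS|SIPVicious Security Scanner|High|"
    "cp_severity=High cs2Label=Protection ID cs2=asm_dynamic_prop_SC_SIPVICIOUS "
    "msg=Scanner Enforcement Violation "
    "originsicname=CN\\=gw-example,O\\=mgmt.example.com "
    "dst=192.0.2.1 product=SmartDefense src=198.51.100.7"
)
# Constructed counterpart carrying an action (the value "Drop" is an assumption).
SAMPLE_WITH_ACTION = SAMPLE_NO_ACTION + " act=Drop"

HEADER_FIELDS = 7  # version, vendor, product, device version, class ID, name, severity
# A key is a word at the start or after whitespace, followed by an unescaped "=".
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")


def parse_cef(line):
    """Return (header_list, extension_dict) for one CEF record."""
    start = line.find("CEF:")  # tolerate a syslog prefix before the record
    if start < 0:
        raise ValueError("not a CEF record")
    # Split the header on unescaped pipes; the remainder is the extension.
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=HEADER_FIELDS)
    if len(parts) <= HEADER_FIELDS:
        raise ValueError("truncated CEF header")
    header, ext = parts[:HEADER_FIELDS], parts[HEADER_FIELDS]
    fields = {}
    keys = list(KEY_RE.finditer(ext))
    for i, m in enumerate(keys):
        # A value runs up to the next key, so values may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        value = ext[m.end():end].strip()
        fields[m.group(1)] = value.replace("\\=", "=").replace("\\\\", "\\")
    return header, fields


def missing_keys(line, required=("act", "src", "dst")):
    """List the required extension keys that are absent or empty."""
    _, fields = parse_cef(line)
    return [k for k in required if not fields.get(k)]


if __name__ == "__main__":
    for name, rec in (("no action", SAMPLE_NO_ACTION), ("with action", SAMPLE_WITH_ACTION)):
        print(name, "-> missing:", missing_keys(rec))
```

Run it against the raw lines as they arrive at the RHEL receiver: if `act` is already missing there, the field is absent from what the exporter sends rather than being dropped by later parsing.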