sameerm
Ivory

Can traffic logs (fw.log) be sent directly to the SIEM from a firewall running R80.20?

Hi Team,

We're looking to offload our MDS/MLM by sending traffic logs directly from the firewall to the SIEM solution. Can Log Exporter send traffic logs (fw.log) directly from the firewall to the SIEM? The firewalls and the MDS/MLM are running R80.20 with the latest take.

SIEM solution is QRadar.


Thanks

Sameer


0 Kudos
5 Replies
Admin

Re: Can traffic logs (fw.log) be sent directly to the SIEM from a firewall running R80.20?

Log Exporter can only run on a log server, which includes SMS/MDM/MLM, not a Security Gateway.
Gateways can be configured to send Firewall logs directly to a location, but this does not include other blades like IPS and App Control, so it will be incomplete.
0 Kudos
sameerm
Ivory

Re: Can traffic logs (fw.log) be sent directly to the SIEM from a firewall running R80.20?

Thanks for your reply @Phone Boy!
We don't want the SIEM solution to fetch logs from the MDS/MLM; instead we're looking for a solution where the gateway can send its fw.log directly to the SIEM.
Can the gateway (R80.20) send its logs (fw.log) to the SIEM (QRadar)? Only firewall logs for now, of course.
0 Kudos
Admin

Re: Can traffic logs (fw.log) be sent directly to the SIEM from a firewall running R80.20?

Here's how you configure a Check Point gateway to send firewall logs to a syslog server:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Whether QRadar will receive and parse these logs is a different question.
Whether this information will yield useful information in QRadar without information from the other blades is another separate question.
The only supported and recommended method is to use Log Exporter.
0 Kudos

Re: Can traffic logs (fw.log) be sent directly to the SIEM from a firewall running R80.20?

Personal experience: Log Exporter + QRadar works great; you won't have to do any parsing at all for most use cases and correlations.

https://www.linkedin.com/in/federicomeiners/
0 Kudos

Re: Can traffic logs (fw.log) be sent directly to the SIEM from a firewall running R80.20?

It's important to mention that you can forward syslog messages from the gateways to the management server. You can set this up on the Web UI of each gateway that runs Gaia OS.

If you do this plus Log Exporter on the management, you will have a complete overview of your gateways in the SIEM.

_____

https://www.linkedin.com/in/federicomeiners/
0 Kudos
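Two points in the thread are worth seeing side by side: a gateway's own firewall syslog feed carries only the Firewall blade (the Admin replies), while Log Exporter emits every blade in a format QRadar parses natively, LEEF, which is why no custom parsing is needed (Federico's reply). The following is an added example, written for this page and not code from the thread, from Check Point or from IBM. It implements a small LEEF 1.0/2.0 parser of the kind a SIEM applies, plus a blade-coverage check run over constructed sample records. The records only resemble Log Exporter output and a gateway's direct firewall syslog; the Check Point-specific field names in them (cat, rule, appName, the "key: value;" layout of the gateway line) are assumptions, whereas devTime, src, dst, proto, srcPort, dstPort and sev are QRadar's predefined LEEF keys.

```python
"""LEEF parsing and blade-coverage check for Check Point log feeds.

Added example; not code from this thread, from Check Point or from IBM. The
sample records are constructed approximations of Log Exporter LEEF output
and of a gateway's direct firewall syslog; Check Point field names used in
them are assumptions.
"""
import re
from typing import Dict, Iterable, List, Set

# LEEF header fields are separated by '|'; a literal pipe inside a field is '\|'.
_PIPE = re.compile(r"(?<!\\)\|")
# Gateway-direct firewall syslog (constructed layout): "key: value;" pairs.
_KV = re.compile(r"(\w+): ([^;:]*);")
_ACTION = re.compile(r"\b(accept|drop|reject)\b")

FIREWALL = "VPN-1 & FireWall-1"
REQUIRED_BLADES = {FIREWALL, "IPS", "Application Control"}


def _decode_delimiter(field: str) -> str:
    """LEEF 2.0 delimiter field: empty means tab, x09/0x09 is hex, else a literal char."""
    if field == "":
        return "\t"
    m = re.fullmatch(r"0?x([0-9A-Fa-f]{2,4})", field)
    return chr(int(m.group(1), 16)) if m else field


def parse_leef(line: str) -> Dict[str, object]:
    """Parse one LEEF 1.0/2.0 event; any syslog prefix before 'LEEF:' is ignored."""
    if "LEEF:" not in line:
        raise ValueError("not a LEEF event")
    parts = _PIPE.split("LEEF:" + line.split("LEEF:", 1)[1])
    version = parts[0][len("LEEF:"):]
    if version.startswith("2"):
        if len(parts) < 6:
            raise ValueError("short LEEF 2.0 header")
        vendor, product, prod_ver, event_id, delim = parts[1:6]
        payload, sep = "|".join(parts[6:]), _decode_delimiter(delim)
    else:
        if len(parts) < 5:
            raise ValueError("short LEEF 1.0 header")
        vendor, product, prod_ver, event_id = parts[1:5]
        payload, sep = "|".join(parts[5:]), "\t"
    attrs: Dict[str, str] = {}
    for token in payload.split(sep):
        if "=" in token:  # values may contain '=' (URLs), so split only once
            key, value = token.split("=", 1)
            attrs[key.strip()] = value
    return {
        "vendor": vendor.replace("\\|", "|"),
        "product": product.replace("\\|", "|"),
        "version": prod_ver,
        "event_id": event_id,
        "attrs": attrs,
    }


def parse_gateway_syslog(line: str) -> Dict[str, object]:
    """Normalize a gateway-direct firewall syslog line to the same shape as parse_leef.

    The "key: value;" layout is a constructed assumption; a real feed needs its
    own parser, which is the work Log Exporter's LEEF output spares the SIEM.
    """
    attrs = {k: v.strip() for k, v in _KV.findall(line)}
    action = _ACTION.search(line)
    return {
        "vendor": "Check Point",
        "product": FIREWALL,  # a gateway's own syslog carries only firewall logs
        "version": "",
        "event_id": action.group(1).capitalize() if action else "",
        "attrs": attrs,
    }


def parse_event(line: str) -> Dict[str, object]:
    return parse_leef(line) if "LEEF:" in line else parse_gateway_syslog(line)


def blade_coverage(lines: Iterable[str]) -> Set[str]:
    """Set of products (blades) represented in a batch of events."""
    return {str(parse_event(line)["product"]) for line in lines}


def missing_blades(lines: Iterable[str], required: Set[str] = REQUIRED_BLADES) -> Set[str]:
    """Blades the SIEM would never see from this feed."""
    return set(required) - blade_coverage(lines)


# Constructed: what Log Exporter on the MLM/MDS might emit as LEEF 2.0 with a
# tab delimiter (x09), one event per blade.
LOG_EXPORTER_FEED: List[str] = [
    "LEEF:2.0|Check Point|VPN-1 & FireWall-1|R80.20|Accept|x09|"
    "devTime=Mar 03 2020 10:15:22\tsrc=10.1.1.5\tdst=172.16.0.9\tproto=tcp"
    "\tsrcPort=51234\tdstPort=443\tcat=Firewall\trule=Allow Web",
    "LEEF:2.0|Check Point|IPS|R80.20|Prevent|x09|"
    "devTime=Mar 03 2020 10:15:23\tsrc=198.51.100.7\tdst=172.16.0.9\tproto=tcp"
    "\tdstPort=80\tsev=8\tcat=IPS",
    "LEEF:2.0|Check Point|Application Control|R80.20|Accept|x09|"
    "devTime=Mar 03 2020 10:15:24\tsrc=10.1.1.5\tdst=203.0.113.20\tproto=tcp"
    "\tdstPort=443\tcat=Application Control\tappName=Dropbox",
]

# Constructed: the kind of line a gateway sends on its own when firewall-log
# syslog forwarding is enabled; only the Firewall blade is represented.
GATEWAY_FEED: List[str] = [
    "<134>Mar  3 10:15:22 gw1 fw: accept >eth0 rule: 5; src: 10.1.1.5; "
    "dst: 172.16.0.9; proto: tcp; service: 443; s_port: 51234;",
]

if __name__ == "__main__":
    print("Log Exporter feed lacks:", missing_blades(LOG_EXPORTER_FEED) or "nothing")
    print("Gateway-direct feed lacks:", missing_blades(GATEWAY_FEED))
```

Run as a script, the Log Exporter batch covers all three blades while the gateway-direct batch reports IPS and Application Control missing, which is the gap PhoneBoy describes. The delimiter handling matters in practice: Log Exporter lets you pick the LEEF delimiter, and a SIEM that hard-codes tab will silently mis-parse a feed configured with another character.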