Export Logs To LogRhythm using Log Exporter

Has anyone used Log Exporter to export logs to LogRhythm? I have a Check Point management server that is also the log server running R80.20. I've configured Log Exporter and am sending logs to LogRhythm using the CEF format. However, LogRhythm says they cannot parse the logs. Has anyone else run into this problem and found a solution?

Thanks.

0 Kudos
3 Replies

Re: Export Logs To LogRhythm using Log Exporter

We were told by LR support that the only supported method is via OPSEC LEA.  They said they are working on Log Exporter support, though no date was given.  Very disappointing.

We did successfully get this going with LEA, however the events per second are massive and we don't seem to be getting any Threat Prevention logs.  We are currently working on filtering events at the LR collector and will soon be looking into where those TP logs are at.  We are not in a good position at the moment with these two products working together.

Another issue to keep an eye on with Log Exporter in general is that with R80.20/30 you cannot filter what is exported.  I'm keeping my fingers crossed that this is worked out by the time LR gets around to supporting it.

0 Kudos

Re: Export Logs To LogRhythm using Log Exporter

There was a post here a bit ago about Log Exporter being updated to add filtering capabilities.

SK122323

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos

Re: Export Logs To LogRhythm using Log Exporter

I think you are referring to the post announcing initial filtering support.  If you look under the Installation section of that same KB it explicitly states filtering for R80.20 & R80.30 is not yet supported.

0 Kudos