Admin

LEA Fields

Document describing the fields in LEA

5 Replies
Employee+

Is there a new version of this for R80.10?

Admin

As far as I know, not really, since the LEA format didn't change.

0 Kudos
Explorer

There are a number of new fields logged with R80.10, not to mention a significant increase in the amount of storage space used. Some sort of reference material would be very useful.

0 Kudos

What sort of reference material are you looking for? We don't have a complete list of the raw log fields that we can give you today, but as I understand it, this is part of the Log Exporter project. If you are using the LEA API today, it's worth your while to have a look at Log Exporter (sk122323). Regarding performance and reducing the size of the logs sent to your syslog server, also have a look at the Log Exporter guide discussion.

0 Kudos

It's more that I am working the other way around. I try to make as much sense as I can from syslog details I get from other sources and translate them to the equivalent fields in Check Point.

iptables output was relatively easy. Now I try to make sense out of email syslog output.

Some years ago I wrote a parser addon for logwatch, based on "How to Parse the Barracuda Email Security Gateway Syslog" as shown on Logwatch modules, and now I would like to make some sense out of it and push it into Check Point logs, so I have a more complete overview of the traffic in my lab.

Apart from the manual, a lot can be reverse engineered by just looking around in the GUI. For example, no one documents the various values that are valid in the Action field. But that list is easy to see if you open SmartConsole.

0 Kudos
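The translation the last post describes, parsing another product's syslog output and renaming its fields to their Check Point equivalents, as an added example that is not part of the thread and not Check Point's or logwatch's own code. It handles the iptables case the poster mentions: netfilter key=value lines are parsed, unrelated syslog lines are skipped rather than mis-mapped, and the user-chosen log prefix is turned into an Action value. The sample lines are constructed, and the Check Point-style target field names (src, dst, proto, s_port, service, ifname, action) and the prefix-to-Action mapping are assumptions of this example, not a documented LEA schema; the authoritative Action vocabulary is the one visible in SmartConsole, as the post notes.

```python
import re
from typing import Dict, List, Optional

# Constructed sample syslog lines for a lab host (not taken from the thread).
SAMPLE_LINES: List[str] = [
    "Mar 12 10:15:01 fw1 kernel: [12345.678] IPT-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=22 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
    "Mar 12 10:15:02 fw1 kernel: [12345.900] IPT-ACCEPT: IN=eth1 OUT=eth0 "
    "SRC=192.0.2.44 DST=198.51.100.3 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=4711 "
    "PROTO=ICMP TYPE=8 CODE=0 SEQ=1",
    # Not a netfilter line: the parser must skip it rather than mis-map it.
    "Mar 12 10:15:03 fw1 sshd[1234]: Accepted publickey for alice from 192.0.2.44 port 50000 ssh2",
]

# Syslog header, optional kernel timestamp, free-form --log-prefix, then the key=value payload.
_IPT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[[^\]]*\] )?(?P<prefix>.*?)\s*(?P<kv>IN=.*)$"
)
_KV_RE = re.compile(r"([A-Z]+)=(\S*)")

# Assumed mapping from netfilter keys to Check Point-style log field names.
# The target names are an assumption of this example, not a documented LEA schema.
FIELD_MAP = {
    "SRC": "src",
    "DST": "dst",
    "PROTO": "proto",
    "SPT": "s_port",
    "DPT": "service",
    "IN": "ifname",
}

# Assumed translation of the log prefix into an Action value; the real list of
# valid Action values is the one shown in SmartConsole.
_ACTION_WORDS = [("DROP", "Drop"), ("REJECT", "Reject"), ("ACCEPT", "Accept")]


def parse_iptables_line(line: str) -> Optional[Dict[str, str]]:
    """Return the raw netfilter fields of one syslog line, or None if it is not one."""
    m = _IPT_RE.match(line)
    if not m:
        return None
    fields = {"_ts": m.group("ts"), "_host": m.group("host"), "_prefix": m.group("prefix")}
    # Bare flags such as DF or SYN carry no '=', so they are deliberately not captured.
    for key, value in _KV_RE.findall(m.group("kv")):
        if value:  # skip empty values such as OUT=
            fields[key] = value
    return fields


def action_from_prefix(prefix: str) -> Optional[str]:
    """Derive an Action value from the user-chosen --log-prefix, if it names one."""
    upper = prefix.upper()
    for word, action in _ACTION_WORDS:
        if word in upper:
            return action
    return None


def translate(raw: Dict[str, str]) -> Dict[str, str]:
    """Rename raw netfilter fields to the Check Point-style names in FIELD_MAP."""
    out = {"time": raw["_ts"], "origin": raw["_host"]}
    for key, name in FIELD_MAP.items():
        if key in raw:
            out[name] = raw[key].lower() if key == "PROTO" else raw[key]
    action = action_from_prefix(raw["_prefix"])
    if action:
        out["action"] = action
    return out


def parse_lines(lines: List[str]) -> List[Dict[str, str]]:
    """Translate every netfilter line; unrelated syslog lines are dropped."""
    results = []
    for line in lines:
        raw = parse_iptables_line(line)
        if raw is not None:
            results.append(translate(raw))
    return results


if __name__ == "__main__":
    for record in parse_lines(SAMPLE_LINES):
        print(record)
```

Only fields that carry a value are emitted, so an ICMP record has no s_port or service entry instead of an empty string, and a line whose prefix names no action simply lacks the action field; both are easier to spot downstream than a silently wrong value.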