
Log Exporter Integration with GrayLog

Hi Masters,

 

Please, I have one customer requesting the integration between R80.20 Security Management and SmartEvent Server with his GrayLog (https://www.graylog.org/), which is actually working with the GELF format.

Reading the CP Log Exporter Guide, I did not find support for the GrayLog or GELF (http://docs.graylog.org/en/2.5/pages/gelf.html) log file format.

Please, has someone integrated CP Security Management/SmartEvent with GrayLog using CP Log Exporter or another tool?

 

Sincerely.

Tiago Marques.

0 Kudos
3 Replies
Admin

Re: Log Exporter Integration with GrayLog

I have not heard about GrayLog previously. Does it only support GELF format or does it support other formats?

0 Kudos

Re: Log Exporter Integration with GrayLog

Hi PhoneBoy!!!

The customer's GrayLog version supports other formats too.

Talking with him, he will run a lab with CEF; for that, he will install the GrayLog plugin to support CEF from (https://marketplace.graylog.org/addons/b2c55194-a76e-4fd7-89fd-5421188bf33f) and follow up with me.

Please, do you know a URL that describes all the fields of the log file?

 

Sincerely.

Tiago Marques.

0 Kudos

Re: Log Exporter Integration with GrayLog

Not all of the fields have been defined. Here’s a list of the raw Check Point threat prevention fields from sk134634.

https://community.checkpoint.com/t5/Logging-and-Reporting/Threat-Prevention-Log-Field-Documentation/...

 

Remember, one of the benefits of Log Exporter is that it maps Check Point fields to different formats, so if the SIEM consumes CEF, LEEF or CIM then you may want to use one of these Log Exporter formats. For instance:

https://community.checkpoint.com/t5/Logging-and-Reporting/Log-Exporter-CEF-Field-Mappings/m-p/41060

 

You can ask to add GELF support as an RFE.

https://www.checkpoint.com/rfe/rfe.htm
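Since Log Exporter has no GELF output (as noted above), one defender-side option is to export CEF and translate it to GELF before Graylog ingests it. The following is an added example, not code from this thread or from Check Point or Graylog: the CEF line is constructed (not real Log Exporter output), and the mapping of CEF severity to a syslog level is an assumption.

```python
import re
import time

# Constructed sample line (not real Log Exporter output): the header 'name' field carries
# an escaped '|', and the msg extension value carries an escaped '='.
SAMPLE_CEF = (r"CEF:0|Check Point|Firewall|R80.20|100|Drop \| Log|7|rt=1556000000000 "
              r"src=10.0.0.5 dst=192.0.2.7 dpt=443 proto=TCP msg=rule\=Cleanup rule id=42")
HEADER_KEYS = ("cef_version", "device_vendor", "device_product",
               "device_version", "signature_id", "name", "severity")

def split_cef_header(line):
    """Return (7 header fields, extension string); backslash escapes in the header are resolved."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        if line[i] == "\\" and i + 1 < len(line):   # escaped char: keep it literally
            buf.append(line[i + 1]); i += 2; continue
        if line[i] == "|":
            fields.append("".join(buf)); buf = []
        else:
            buf.append(line[i])
        i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header")
    return fields, line[i:]

def parse_cef_extension(ext):
    """Split 'key=value key=value' pairs; values may contain spaces and escaped '='."""
    hits = list(re.finditer(r"(?:^|\s)([A-Za-z0-9_]+)=", ext))
    out = {}
    for n, m in enumerate(hits):
        end = hits[n + 1].start() if n + 1 < len(hits) else len(ext)
        raw = ext[m.end():end]      # '\=' -> '=', '\\' -> '\', '\n' / '\r' -> newline chars
        out[m.group(1)] = re.sub(r"\\(.)", lambda e: {"n": "\n", "r": "\r"}.get(e.group(1), e.group(1)), raw)
    return out

def cef_to_gelf(line, host):
    """Build a GELF 1.1 message dict; CEF fields become '_'-prefixed additional fields."""
    fields, ext_str = split_cef_header(line)
    hdr = dict(zip(HEADER_KEYS, fields))
    hdr["cef_version"] = hdr["cef_version"].split(":", 1)[-1]   # "CEF:0" -> "0"
    ext = parse_cef_extension(ext_str)
    sev = int(hdr["severity"]) if hdr["severity"].isdigit() else 0
    gelf = {"version": "1.1", "host": host, "short_message": hdr["name"],
            # CEF 'rt' is epoch milliseconds; GELF timestamps are seconds
            "timestamp": int(ext["rt"]) / 1000 if ext.get("rt", "").isdigit() else time.time(),
            "level": 2 if sev >= 7 else 4 if sev >= 4 else 6}   # assumed CEF-severity -> syslog level
    for k, v in {**hdr, **ext}.items():
        if k != "name":
            gelf["_" + ("event_id" if k == "id" else k)] = v   # GELF reserves "_id"; rename it
    return gelf
```

Serialising the returned dict with `json.dumps` gives the GELF document a Graylog GELF input accepts; the `_id` rename matters because GELF rejects that additional field name.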