Log Exporter - Splunk Integration Update

Hello Everyone,

We are currently in advanced stages of developing a Log Exporter update that will add CIM support.

This will give us better Splunk integration for CIM oriented apps and dashboards (e.g. Splunk Enterprise Security).

We are currently looking for customers who wish to test this new feature (in either their lab or production) and share their feedback with us.

I would also really appreciate it if you could add the following details to your email:

  • What version of Check Point do you use? And what version of Splunk server?
  • Is your Splunk environment installed as a single-instance or is it a distributed environment?
  • Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on?

The new update will also enable the Log Exporter to work in a semi-unified mode.

For those who are unfamiliar with this setting, it means that updates are unified with their original log before they are exported. This makes the information in the update log complete and makes the update log itself more readable (in raw mode you had to manually search for the original log to make sense of the update).

Best Regards,

Yonatan

4 Replies

Re: Log Exporter - Splunk Integration Update

Hi Yonatan,

I am deploying an R80.10 Check Point FW (3-tier architecture) in AWS. I am using Terraform for resource provisioning and Ansible for config automation. I am looking for a solution to add Ansible config to send logs from the Check Point FW to the Splunk server; details are below:

  • What version of Check Point do you use? R80.10
  • And what version of Splunk server? Splunk Version 7.0.1
  • Is your Splunk environment installed as a single-instance or is it a distributed environment? Distributed.
  • Have you already tested out previous releases of the Log Exporter or is this your first use of the add-on? No.

Please suggest on this; if possible, please share an example of what the script should look like.

Thank you, 

Amit Chaubey

Re: Log Exporter - Splunk Integration Update

Hi Amit, 

Sorry for the late response.

We've basically closed off the EA at this point, but after some internal debate, and since we haven't tested this new feature on AWS, we decided that this is an interesting use case and will gladly add you to the EA cycle as well.

Just a small clarification based on your post - the logs will be sent from the gateway to the management/log server and will be forwarded from there to the Splunk server. They are not sent directly from the gateway to Splunk.

If you still wish to participate please contact me offline at (edited as the feature is already GA)

Regards,

Yonatan


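As an added example (not Yonatan's, Amit's or Check Point's own code), here is one way to express the configuration Amit asked for as an Ansible play, run against the management/log server rather than the gateway, as clarified above. It assumes an inventory group `cp_mgmt` whose admin user's login shell has been switched to `/bin/bash` so that `cp_log_export` can be invoked directly, a constructed Splunk address, and that the `cp_log_export` argument names (`target-server`, `target-port`, `protocol`, `format splunk`, `read-mode semi-unified`) match the Log Exporter release installed; check them against the Log Exporter documentation for your version.

```yaml
# Added example, not from this thread or from Check Point.
# Runs on the Security Management / Log Server (group "cp_mgmt"), which is
# where Log Exporter forwards logs to Splunk from; gateways send logs to it.
# Assumes: admin shell set to /bin/bash (clish: set user admin shell /bin/bash)
# and cp_log_export syntax as documented for the installed Log Exporter release.
- name: Configure Check Point Log Exporter to forward logs to Splunk
  hosts: cp_mgmt
  gather_facts: false
  vars:
    exporter_name: splunk_exporter
    splunk_host: 10.0.0.50      # constructed value: your Splunk TCP syslog input
    splunk_port: 514            # constructed value: the port of that input
    splunk_proto: tcp
  tasks:
    - name: List existing Log Exporter targets
      ansible.builtin.command: cp_log_export show
      register: lexp_show
      changed_when: false

    # Skipped when a target of this name already exists, so the play is
    # safe to re-run from the same pipeline that provisions the gateways.
    - name: Create the Splunk target in semi-unified read mode
      ansible.builtin.command: >
        cp_log_export add name {{ exporter_name }}
        target-server {{ splunk_host }} target-port {{ splunk_port }}
        protocol {{ splunk_proto }} format splunk read-mode semi-unified
      when: exporter_name not in lexp_show.stdout
      register: lexp_add

    - name: Restart the exporter so the new target takes effect
      ansible.builtin.command: cp_log_export restart name {{ exporter_name }}
      when: lexp_add is changed
```

The plain TCP transport here sends logs unencrypted across the AWS network; Log Exporter also supports TLS-encrypted export, which is the preferable choice for production and is covered in the Log Exporter documentation.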
Re: Log Exporter - Splunk Integration Update

In case anyone has missed it, this is GA now. For more information see this discussion: *New* Splunk App for Check Point Logs