Unable to get audit logs from Checkpoint R80.10

Hi Team,

I am a SIEM engineer and want to integrate Checkpoint firewall R80.10 version with ArcSight SIEM. We have used the Syslog exporter module in order to receive logs through syslog.

 

Currently we are receiving Traffic logs.

Please somebody help me with the exact configurations to be done at the firewall end in order to receive audit logs along with traffic logs.

 

Regards,

Mitesh Agrawal 

Admin

Re: Unable to get audit logs from Checkpoint R80.10

Precisely how have you configured this today?
There are two ways to do syslog:
1. Direct from the gateway, which only has Firewall logs and nothing from other blades or the management (including Audit logs)
2. Using Log Exporter, which should get this information by default. See: https://community.checkpoint.com/t5/Logging-and-Reporting/Log-Exporter-guide/m-p/9035#M968