Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nenad_Odic
Contributor

Check Point r81.20 Log exporter x RSA Netwitness integration ?

Dear community is there a definitive guide for integration from the subject.????

Please if any one done this or similar  please give a clue.

I know how to add a target server in mgmt console ,but what is to be done with both sides?

RSA has a guide that is obsolete so i am asking for help.

Thank you in advance.

0 Kudos
3 Replies
Blason_R
Leader
Leader

Login to mgmt server from export mode and give below command

 

co_log_export add name RSA target-server <YOURRSA Server IP> target-port <YOURTARGETPORT> format <cef/leef/syslog> protocol <udp/tcp>

 

If added then

cp_log_export restart RSA

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Nenad_Odic
Contributor

I have did that and i do have an target server but log exporter is not running,and i have installed database after configuring the object.

In attach there are the object in console and status from expert mode

 

0 Kudos
PhoneBoy
Admin
Admin

I'm pretty sure we did an integration with RSA Netwitness as it's one of the products we list here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
There are even TAC cases on the subject that suggest using CEF format when integrating with RSA Netwitness.
As for a specific integration guide, you will need to approach RSA.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events