This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Lukas_Nagy
Participant
‎2017-08-25 04:09 AM
Jump to solution

Exporting R80.10 logs to Logstash ( ElasticSearch integration)

Hello,

we are trying to integrate logs from Check Point Management server into Logstash. We are using opensource tool fw1-loggrabber with support of new OPSEC API (SHA-256) supported. Exporting works, however I couldn't find a proper documentation of the fields that can be found in logs. There is not really a true structure of logs, many line have different fields and those fields are not documentated.

Is there a document that show every field that can be exported? I just found an old LEA document, but it is missing a lot of fields. (http://dl3.checkpoint.com/paid/0f/LEA_Fields_2011.pdf?HashKey=1503666450_ebd2eeca265aaca0f531f781169... ).

Writing rules for matching in Logstash is very difficult, without the knowledge what we can expect. We were following Check Point Firewall Logs and Logstash (ELK) Integration - /dev/random  

Thank you for any insight how we can do this better.

1 Solution

Accepted Solutions
5 Replies
PhoneBoy
Admin
Admin
‎2017-08-25 08:58 AM
Jump to solution

I've added a couple of updated documents on LEA:

0 Kudos
Haichao_Xie
Employee Alumnus
Employee Alumnus
‎2019-04-27 09:27 AM
In response to PhoneBoy
Jump to solution

perfect! I face same issue. will try this, Thanks a lot! sir.

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2019-04-27 11:14 AM
In response to Haichao_Xie
Jump to solution

Nowadays it might be more useful to use CP log exporter instead

Regards, Maarten
0 Kudos
Haichao_Xie
Employee Alumnus
Employee Alumnus
‎2019-04-27 05:52 PM
In response to Maarten_Sjouw
Jump to solution

thank you! sir. will check our Log Exporter work with ELK stack.

0 Kudos
Julian_Sanchez
Collaborator
‎2020-03-31 01:00 PM
In response to Haichao_Xie
Jump to solution

I believed with a SMS in R80.20 is possible send logs to logstash through syslog. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top