ohhdiddlediddle
Explorer

IPS blade logs - Log exporter

I would like to send IPS blade logs in semi-unified mode over port 1514/UDP. Going through the articles, it looks like I need to create a filter, and below is the filter I got from Log Exporter - Check Point Log Export.

My log exporter statement is

cp_log_export add name <NewName> domain-server <Domain-Server-IP> target-server <SIEMIP> target-port 1514 protocol UDP format syslog read-mode semi-unified

name: **hidden**
enabled: true
target-server: **hidden**
target-port: 1514
protocol: udp
format: syslog
read-mode: semi-unified
export-attachment-ids: false
export-link: false
export-attachment-link: false
time-in-milli: false


<filters>
  <filterGroup operator="and">
    <field name="action" operator="and">
    </field>
    <field name="origin" operator="and">
    </field>
    <field name="product" operator="or">
      <value operation="eq">SmartDefense</value>
      <value operation="eq">Threat Emulation</value>
    </field>
  </filterGroup>
</filters>
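
To confirm at the receiving end that only the products named in the filter above arrive on 1514/UDP, a check like the following can be run over captured messages. It is an added example, not part of the original post or Check Point's own code; the sample lines are constructed, and the `key:"value";` syslog layout and the treatment of empty fields as unconstrained are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Filter from the post, embedded so the check runs offline.
FILTER_XML = """<filters><filterGroup operator="and">
<field name="action" operator="and"></field>
<field name="origin" operator="and"></field>
<field name="product" operator="or">
<value operation="eq">SmartDefense</value>
<value operation="eq">Threat Emulation</value>
</field></filterGroup></filters>"""

# Constructed sample messages (not real logs); the key:"value"; layout is assumed.
SAMPLE_LINES = [
    '<134>1 2024-01-01T10:00:00Z gw1 CheckPoint 1 - [action:"Prevent"; origin:"192.0.2.10"; product:"SmartDefense"]',
    '<134>1 2024-01-01T10:00:05Z gw1 CheckPoint 1 - [action:"Detect"; origin:"192.0.2.10"; product:"Threat Emulation"]',
    '<134>1 2024-01-01T10:00:09Z gw1 CheckPoint 1 - [action:"Accept"; origin:"192.0.2.10"; product:"VPN-1 & FireWall-1"]',
]

PAIR = re.compile(r'(\w+):"([^"]*)"')

def allowed_values(filter_xml):
    """Map each field that lists 'eq' values to the set of accepted values."""
    allowed = {}
    for field in ET.fromstring(filter_xml).iter("field"):
        values = {v.text for v in field.findall("value") if v.get("operation") == "eq"}
        if values:  # assumption: a field with no values adds no constraint
            allowed[field.get("name")] = values
    return allowed

def audit(lines, allowed):
    """Return (per-product counts, lines the filter should not have let through)."""
    counts, unexpected = Counter(), []
    for line in lines:
        rec = dict(PAIR.findall(line))
        counts[rec.get("product", "<missing>")] += 1
        if any(rec.get(name) not in vals for name, vals in allowed.items()):
            unexpected.append(line)
    return counts, unexpected

if __name__ == "__main__":
    counts, unexpected = audit(SAMPLE_LINES, allowed_values(FILTER_XML))
    print(dict(counts))
    for line in unexpected:
        print("not covered by filter:", line)
```

Any line reported as not covered means the exporter is sending more than the filter intends, or the filter file is not being applied to that exporter instance.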
