LEA Fields

Document describing the fields in LEA

Is there a new version of this for R80.10?


As far as I know, not really, since the LEA format didn't change.

There are a number of new fields logged with R80.10, not to mention a significant increase in the amount of storage space used. Some sort of reference material would be very useful.

What sort of reference material are you looking for? We don't have a complete list of the raw log fields that we can give you today, but as I understand it, this is part of the Log Exporter project. If you are using the LEA API today, it's worth your while to have a look at Log Exporter (sk122323). Regarding performance and reducing the size of the logs sent to your syslog server, also have a look at the Log Exporter guide discussion.

It's more that I am working the other way around. I try to make as much sense as I can from syslog details I get from other sources and translate them to the equivalent fields in Check Point.

iptables output was relatively easy. Now I'm trying to make sense of email syslog output.

Some years ago I wrote a parser add-on for logwatch, based on How to Parse the Barracuda Email Security Gateway Syslog as shown on Logwatch modules, and now I would like to make some sense out of it and push it into Check Point logs so that I have a more complete overview of the traffic in my lab.
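As an added illustration of the "other way around" translation described in the post above (this is example code written for this page, not code from the poster, from logwatch, or from Check Point), here is a small parser that takes iptables LOG syslog lines and emits them as Check Point-style `key="value"` fields. The Check Point field names used (`time`, `orig`, `ifdir`, `ifname`, `action`, `src`, `dst`, `proto`, `s_port`, `service`, `icmp-type`, `icmp-code`) are assumed to follow the Log Exporter naming and should be checked against your own export; the convention that the iptables `--log-prefix` carries the verdict (`FW-DROP:`, `FW-ACCEPT:`) is an assumption of this example, and the sample lines are constructed, not captured from a real system.

```python
"""Map iptables LOG syslog lines onto Check Point-style log fields.

Added example for this thread, not the poster's logwatch add-on and not
Check Point code. Target field names are assumed to match Log Exporter's
key="value" naming; verify against your own export before relying on them.
"""
import re
from typing import Dict, Optional

# Constructed sample lines (not from a real system). They deliberately include
# two iptables quirks: LEN appears twice for UDP (IP header, then UDP header)
# and ID appears twice for ICMP (IP header, then ICMP echo id).
SAMPLE_LINES = [
    "Mar  4 10:15:02 gw kernel: [1234.567] FW-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.23 "
    "DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP "
    "SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Mar  4 10:15:03 gw kernel: [1235.001] FW-ACCEPT: IN= OUT=eth1 "
    "SRC=192.0.2.10 DST=198.51.100.53 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=4 "
    "PROTO=UDP SPT=40000 DPT=53 LEN=56",
    "Mar  4 10:15:04 gw kernel: [1236.002] FW-DROP: IN=eth0 OUT= "
    "SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=1 "
    "PROTO=ICMP TYPE=8 CODE=0 ID=777 SEQ=1",
]

# Check Point logs carry the IP protocol number, iptables prints the name.
PROTO_NUMBERS = {"TCP": "6", "UDP": "17", "ICMP": "1", "ICMPv6": "58", "SCTP": "132"}

# Assumed convention for this example: the --log-prefix names the verdict.
ACTION_FROM_PREFIX = {"DROP": "Drop", "ACCEPT": "Accept", "REJECT": "Reject"}

HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\] )?(?P<prefix>.*?)\s*(?=\bIN=)"
)
KV_RE = re.compile(r"\b([A-Z0-9]+)=(\S*)")


def parse_iptables(line: str) -> Optional[Dict[str, object]]:
    """Split one iptables LOG line into header parts and KEY=VALUE fields.

    Returns None for lines that are not iptables LOG output (e.g. sshd).
    """
    m = HEADER_RE.match(line)
    if m is None:
        return None
    fields: Dict[str, str] = {}
    for key, value in KV_RE.findall(line[m.end():]):
        # First occurrence wins: for the duplicated LEN/ID keys the first
        # one is the IP-header value, which is what we want to keep.
        fields.setdefault(key, value)
    return {"ts": m.group("ts"), "host": m.group("host"),
            "prefix": m.group("prefix").rstrip(":"), "fields": fields}


def to_checkpoint(parsed: Dict[str, object]) -> Dict[str, str]:
    """Translate parsed iptables fields to assumed Log Exporter field names."""
    f = parsed["fields"]
    cp: Dict[str, str] = {"time": parsed["ts"], "orig": parsed["host"]}
    if f.get("IN"):                       # packet arrived on an interface
        cp["ifdir"], cp["ifname"] = "inbound", f["IN"]
    elif f.get("OUT"):                    # locally generated, leaving
        cp["ifdir"], cp["ifname"] = "outbound", f["OUT"]
    for word, action in ACTION_FROM_PREFIX.items():
        if word in parsed["prefix"].upper():
            cp["action"] = action
            break
    if "SRC" in f:
        cp["src"] = f["SRC"]
    if "DST" in f:
        cp["dst"] = f["DST"]
    proto = f.get("PROTO")
    if proto:
        cp["proto"] = PROTO_NUMBERS.get(proto, proto)  # unknown: iptables already numeric
    if proto in ("TCP", "UDP", "SCTP"):
        if "SPT" in f:
            cp["s_port"] = f["SPT"]
        if "DPT" in f:
            cp["service"] = f["DPT"]
    elif proto in ("ICMP", "ICMPv6"):     # no ports; type/code instead (assumed names)
        if "TYPE" in f:
            cp["icmp-type"] = f["TYPE"]
        if "CODE" in f:
            cp["icmp-code"] = f["CODE"]
    return cp


def format_checkpoint(cp: Dict[str, str]) -> str:
    """Render as key="value" pairs; escape quotes so a value cannot break out
    of its cell and inject a fake field into the downstream log."""
    def q(v: str) -> str:
        return v.replace("\\", "\\\\").replace('"', '\\"')
    return " ".join(f'{k}="{q(v)}"' for k, v in cp.items())


def convert(line: str) -> Optional[str]:
    parsed = parse_iptables(line)
    return None if parsed is None else format_checkpoint(to_checkpoint(parsed))


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(convert(sample))
```

The "first occurrence wins" rule is the part worth copying: a naive `dict(re.findall(...))` silently keeps the last duplicate, so the UDP payload length or the ICMP echo id would overwrite the IP-header values.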

Apart from the manual, a lot can be reverse-engineered by just looking around in the GUI. For example, no one documents the various values that are valid in the Action field, but that list is easy to see if you open SmartConsole.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
