This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PhoneBoy
Admin
Admin
‎2017-08-25 08:47 AM

LEA Fields

Document describing the fields in LEA

Labels
LEA_Fields_2014.pdf
Preview file
864 KB
5 Replies
Sarah_Rettger
Ambassador
Ambassador
‎2018-04-03 06:53 AM

Is there a new version of this for R80.10?

PhoneBoy
Admin
Admin
‎2018-04-03 09:21 AM

As far as I know, not really, since the LEA format didn't change.

0 Kudos
Peter_McCarthy
Explorer
‎2018-07-09 01:53 PM

There are a number of new fields logged with R80.10, not to mention a significant increase in the amount of storage space used. Some sort of reference material would be very useful.

0 Kudos
DeletedUser
Not applicable
‎2018-07-09 10:26 PM

What sort of reference material are you looking for? We don't have a complete list of the raw log fields that we can give you today, but as I understand it, this is part of the Log Exporter project. If you are using the LEA API today, its worth your while to have a look at Log Exporter (sk122323). Regarding performance and reducing the size of the logs sent to your syslog server also have a look at the Log Exporter guide discussion.  

0 Kudos
Hugo_vd_Kooij
Advisor
‎2018-08-24 03:30 AM

It's more that I am working the other way around. I try to make as much sense as I can from syslog details I get from other sources and translate them to the equivalent fields in Check Point.

iptables output was relative easy. Now I try to make sense out of email syslog output.

Some years ago I wrote a parser addon for logwatch based on How to Parse the Barracuda Email Security Gateway Syslog as shown on Logwatch modules and now I would like to make some sense out of it and push it into Check Point logs so I have a more complete overview of the traffic in my lab.

Apart from the manual a lot can be reverse engineered by just looking around in the GUI. For example no one documents the various values that are valid in the Action field. But that list is easy to see if you open SmartConsole.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top