jt-jt
Participant

Log Exporter to SIEM via CEF forwarder

Hi,

Please can someone enlighten me in the following?
Do the Check Point logs exported (via Log Exporter) specify which facility (e.g. local7 or another) is used when going via a CEF forwarder into a SIEM, please?

Thanks.

0 Kudos
4 Replies
_Val_
Admin

Hi, just to make sure, did you already review sk122323, specifically its CEF section?

If yes, and you still have questions, please elaborate.

I also encourage you to search this community for other CEF-related discussions; there are quite a few.

0 Kudos
jt-jt
Participant

OK, maybe I am asking the wrong question.

Has anyone any experience in setting up the Azure Monitor DCR to work with AMA (on a CEF forwarder) to ingest CP logs into a SIEM?

Due to how AMA and DCR work, it would be great to confirm whether the Log Exporter logs go into a particular syslog facility on the CEF forwarder Linux servers.
I don't think they do, from reading the sk and searches, hence the question.

0 Kudos
_Val_
Admin

So, the question to the community is whether someone already deployed a Log Exporter with Azure Monitor DCR?

0 Kudos
PhoneBoy
Admin

He's specifically asking what "facility" we use when we send logs in syslog format via Log Exporter.
The answer to that is local use 0 (local0).
Should you wish to change it, see: https://support.checkpoint.com/results/sk/sk125253

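An added check, not from any post in this thread, for confirming on the CEF forwarder which syslog facility the exported lines actually arrive on before scoping a DCR to it: it decodes the `<PRI>` header of raw syslog lines (facility = PRI div 8, severity = PRI mod 8) and counts CEF-formatted lines per facility. The sample lines and their CEF header fields are constructed placeholders, not real Check Point output.

```python
import re
from collections import Counter

# RFC 5424 facility and severity names; PRI = facility * 8 + severity.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")

# Constructed sample lines in the shape a raw syslog receiver on the forwarder
# would see them; the CEF header fields are placeholders, not real exporter output.
SAMPLE_LINES = [
    "<134>1 2024-01-01T12:00:00Z cpmgmt CEF:0|Check Point|Log Exporter|1.0|Accept|Accept|5|src=10.1.1.5",
    "<38>Jan  1 12:00:01 fwd01 sshd[1234]: Accepted publickey for admin from 10.0.0.9",
    "<190>1 2024-01-01T12:00:02Z other CEF:0|OtherVendor|Product|1.0|100|Event|3|dst=10.1.1.6",
    "no priority header at all",
]


def parse_pri(line):
    """Return (facility, severity, is_cef) for one syslog line, or None when the
    line has no valid <PRI> header and so is not a syslog message at all."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # largest valid PRI is local7.debug = 23 * 8 + 7
        return None
    facility, severity = divmod(pri, 8)
    is_cef = "CEF:0|" in line
    return FACILITIES[facility], SEVERITIES[severity], is_cef


def cef_facility_counts(lines):
    """Count CEF-formatted lines per facility, so the DCR can be limited to the
    facility the exporter really uses instead of collecting every facility."""
    counts = Counter()
    for line in lines:
        parsed = parse_pri(line)
        if parsed and parsed[2]:
            counts[parsed[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_pri(line), line[:40])
    print(cef_facility_counts(SAMPLE_LINES))
```

Feed it real lines captured on the forwarder (for example from an rsyslog raw template) to see whether the exporter traffic really lands on local0 as stated above.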