yrsweetspt
Explorer

Logs to SIEM issues

Hello,

We have recently integrated our CheckPoints with ArcSight, though the SIEM receives less than expected logs.

Also, it seems like the logs that are being sent are over 4000 chars, thus they are not readable.

Do you have any idea why this is happening?

0 Kudos
4 Replies
_Val_
Admin

Let's start from the basics. Are you using LogExporter from sk122323?

0 Kudos
yrsweetspt
Explorer

Yes, exactly, we are using log exporter.

0 Kudos
_Val_
Admin

Good. Look at the SK and check which parameters to enable. 

I did not understand what you mean when saying: "...it seems like the logs that are being sent are over 4000 chars, thus they are not readable."

Can you elaborate?

0 Kudos
Timothy_Hall
Legend

When you say "less than expected logs", are you referring to logs involving Threat Prevention? If so, this is related to log suppression, which can impact SIEMs; see slides 13-19 of my CPX 2022 presentation "Max Gander: The Hidden World of Log Suppression & Generation on Check Point":

https://community.checkpoint.com/t5/Member-Exclusive-Content/Max-Gander-The-Hidden-World-of-Log-Gene...

It might also be related to Connection vs. Session logging, which is also covered.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
