HS
Contributor

MGMT stops sending logs to SIEM

Hi,

For some reason mgmt stops sending logs to SIEM.

Can you help by giving some hints on how to check some logs or evidence, or what service should be running?

I'm not finding any troubleshooting in the Check Point documentation 😞

Thank you very much!

0 Kudos
3 Replies
Maarten_Sjouw
Champion

Which way are you sending the logs, by cp_log_exporter or OpSec LEA?
With cp_log_exporter you use 'cp_log_exporter show' to identify the log stream and with 'cp_log_exporter name <Name of stream> status' to check if it is doing anything.
With OpSec LEA connections the connection is initiated by the SIEM solution, which starts the session and requests the logs.
Regards, Maarten
0 Kudos
HS
Contributor

Hi,

we are using OpSec LEA.

After a reboot on the management the SIEM stops communicating with the checkpoint.

We ran a test from the SIEM and it works fine, but the SIEM never tries to get the logs.

Do you have any idea what could happen?

0 Kudos
Dan_Zada
Employee Alumnus

Hi,
Is there any reason why you are still using LEA and not moving to the log exporter?
0 Kudos
