TaylorHung
Explorer

Not find field Source port, destination port in raw logs to QRadar

Hello everyone,

I configured syslog through Log Exporter on Check Point R81.10, but in QRadar I cannot find the fields source port and destination port.

Please tell me if you know. Thanks a lot.

Regards,

Taylor

0 Kudos
5 Replies
_Val_
Admin
Admin

There are two fields in your raw log entry: s_port and service. You must be using the wrong parser.


[Attached screenshot of the raw log entry: Screenshot 2023-02-14 at 10.28.17.png]

0 Kudos
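As an added example (not code from this thread, from Check Point or from IBM), here is a small Python parser that pulls `s_port` and `service` out of a constructed Log Exporter syslog line in the `key:"value"` layout. The sample line, the bracketed layout and the field set are assumptions for illustration; the point is that a parser looking for generic names such as `src_port` finds nothing, while one mapped to the Check Point names gets both ports.

```python
import re
from typing import Dict, List, Optional

# Constructed sample line in an assumed Log Exporter "syslog" key:"value"
# layout. It is not a capture from the thread; only the field names
# s_port and service come from the reply above.
SAMPLE_LINE = (
    '<134>1 2023-02-14T10:28:17Z gw-fw01 CheckPoint 4321 - '
    '[action:"Accept"; ifdir:"inbound"; product:"VPN-1 & FireWall-1"; '
    'src:"10.1.2.3"; s_port:"51234"; dst:"203.0.113.10"; service:"443"; '
    'proto:"6"; rule_name:"Web Out"]'
)

# key:"value" pairs; the value may contain spaces, '&' or escaped quotes.
FIELD_RE = re.compile(r'(\w+):"((?:[^"\\]|\\.)*)"')

# Generic port names a parser wants -> the names Check Point actually emits.
PORT_MAP = {"source_port": "s_port", "destination_port": "service"}


def parse_fields(line: str) -> Dict[str, str]:
    """Return the key:"value" pairs found in the bracketed part of the line."""
    start, end = line.find("["), line.rfind("]")
    body = line[start + 1:end] if start != -1 and end > start else line
    return {key: value for key, value in FIELD_RE.findall(body)}


def naive_ports(fields: Dict[str, str]) -> Dict[str, Optional[str]]:
    """What a parser that expects generic names sees: nothing, as in the question."""
    return {"source_port": fields.get("src_port"),
            "destination_port": fields.get("dst_port")}


def extract_ports(fields: Dict[str, str]) -> Dict[str, Optional[int]]:
    """Map s_port/service to integer ports; None when absent or non-numeric
    (service can also carry a service name rather than a port number)."""
    ports: Dict[str, Optional[int]] = {}
    for generic, cp_name in PORT_MAP.items():
        raw = fields.get(cp_name)
        ports[generic] = int(raw) if raw is not None and raw.isdigit() else None
    return ports


def missing_ports(fields: Dict[str, str]) -> List[str]:
    """Names of port fields the mapped parser still could not recover."""
    return [name for name, value in extract_ports(fields).items() if value is None]
```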
TaylorHung
Explorer

What log format does Check Point support for log normalization, and how can I change the log format?

Thanks a lot

0 Kudos
_Val_
Admin
Admin

I don't think you will resolve this on the Check Point side. This is an obvious IBM QRadar config question.

0 Kudos
_Val_
Admin
Admin

Yet, you are welcome to check the relevant parts of the Logging and Monitoring guide for your CP version, for example: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/To...
Look under "Log Exporter Advanced Configuration Parameters" in the guide

0 Kudos
TaylorHung
Explorer

Thank you, I will check the QRadar config.

0 Kudos