- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
This video elaborate on Check Point's R80.20 log exporter feature, introducing an easy and secure method for exporting Check Point logs to 3rd party SIEM applications, using various protocols (like TCP or UDP) and formats (like syslog, CEF, or LEEF)
Splunk also has a Opsec Connection (LEA) to receive the logs. Is there an advantage to use this export feature?
While we will continue to support LEA for the time being, Log Exporter is going to be the recommended method for exporting logs to third party SIEMs going forward.
Thanks. Is there an SK for this? Perhaps that and a link to that or to the admin guide with the info about that would be beneficial in this thread.
Don
The official SK: Log Exporter - Check Point Log Export
The "canonical" thread on CheckMates: Log Exporter guide
And so the loop is closed and it's all brought together.
Nice one, thank you Dameon.
Does log exporter on R80.20 configuration on MLM sends logs with source IP of each configured CLM.
We had this requirement for long and lately few months back R&D suggested that it will be in R80.20.
We recently upgraded to R80.20 though still see MLM ip as source on syslog for all CLM.
We want separate connection with each CLM IP itself.
Pls suggest
Thanks Martin -
I got the idea, though as I checked, if I use TCP as protocol for Syslog, I can see CLM IP as desired but not the case with UDP(though need to check myself).
Will update final result.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY