MiteshAgrawal15
Participant

Unable to get audit logs from Checkpoint R80.10

Hi Team,

I am a SIEM engineer and want to integrate Checkpoint firewall R80.10 version with ArcSight SIEM. We have used the Syslog exporter module in order to receive logs through syslog.

 

Currently we are receiving Traffic logs.

Please somebody help me with the exact configurations to be done at the firewall end in order to receive audit logs along with traffic logs.

 

Regards,

Mitesh Agrawal 

0 Kudos
1 Reply
PhoneBoy
Admin

Precisely how have you configured this today?
There are two ways to do syslog:
1. Direct from the gateway, which only has Firewall logs and nothing from other blades or the management (including Audit logs)
2. Using Log Exporter, which should get this information by default. See: https://community.checkpoint.com/t5/Logging-and-Reporting/Log-Exporter-guide/m-p/9035#M968
0 Kudos