This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Duyen_Ngo_Van
Participant
‎2016-08-10 01:22 AM

config checkpoint fowarding log to syslog

I try to config  Checkpoint Security Manager forwarding to a Syslog serrver, but I cant find option to create a syslog server in object catagories.

0 Kudos
4 Replies
DeletedUser
Not applicable
‎2016-08-11 11:12 AM

Hi,

Yuval answered in the thread below. A syslog option is in development. Sending logs to a client like the open source fw1-loggrabber that is compiled with the OPSEC SDK and uses the LEA APIs is an option.

sending Check Point security logs to 3rd party devices via syslog

hth,

bob

0 Kudos
Duyen_Ngo_Van
Participant
‎2016-08-14 11:41 PM
In response to DeletedUser

I got error when upgrade from 77.30 to r80 and qrada  because of  qrada dont support high encryption  like sha-256. That why I try syslog.

0 Kudos
DeletedUser
Not applicable
‎2016-08-15 10:52 AM
In response to Duyen_Ngo_Van

Hi,

OPSEC LEA is still probably your best option. Not sure QRadar has a syslog parser for Check Point logs. QRadar is testing their LEA client built using the SHA-256 libraries. You may be able to get an updated LEA client via their support. They plan to add SHA-256 support by the end of the year, maybe sooner. Another option is to downgrade your R80 server to SHA1 via sk103840, pasting below for your convenience.

Notes about R80 Management Server:Starting from R80, the default signing algorithm of the Internal CA (ICA) was changed from SHA-1 to SHA-256. Environments with products, which do not support SHA-256, must be manually configured to use SHA-1. Using SHA-256 will cause connectivity failure in un-supporting products.

Upgrade scenario:

  1. Complete the upgrade process of the Management Server to R80.
  2. Immediately after the upgrade, on the R80 Management Server, run:
    [Expert@HostName]# cpca_client set_sign_hash sha1

hth,

bob

0 Kudos
Duyen_Ngo_Van
Participant
‎2016-08-17 11:51 PM
In response to DeletedUser

thank you !

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events