config checkpoint forwarding log to syslog

Hi,
Yuval answered in the thread below. A syslog option is in development. Sending logs to a client like the open source fw1-loggrabber that is compiled with the OPSEC SDK and uses the LEA APIs is an option.
sending Check Point security logs to 3rd party devices via syslog
hth,
bob
I got an error when upgrading from 77.30 to R80 and QRadar, because QRadar doesn't support high encryption like SHA-256. That's why I am trying syslog.

Hi,
OPSEC LEA is still probably your best option. Not sure QRadar has a syslog parser for Check Point logs. QRadar is testing their LEA client built using the SHA-256 libraries. You may be able to get an updated LEA client via their support. They plan to add SHA-256 support by the end of the year, maybe sooner. Another option is to downgrade your R80 server to SHA1 via sk103840, pasting below for your convenience.
Notes about R80 Management Server: Starting from R80, the default signing algorithm of the Internal CA (ICA) was changed from SHA-1 to SHA-256. Environments with products, which do not support SHA-256, must be manually configured to use SHA-1. Using SHA-256 will cause connectivity failure in un-supporting products.
Upgrade scenario:
- Complete the upgrade process of the Management Server to R80.
- Immediately after the upgrade, on the R80 Management Server, run:
[Expert@HostName]# cpca_client set_sign_hash sha1
hth,
bob
Thank you!
