This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RKinsp
Contributor
‎2021-03-30 12:04 PM

cp_log_export filter

Hey everyone,

We are trying to get cp_log_export to send out logs only Firewall rules with accounting (unified with URL Filtering) and NAT.

The SKs are very confusing when it comes to this and we want to avoid messing with the xml file, so using the filter-blade-in seemed the best choice.

Anybody have a list of the actually options for this? From sk144192 it seems like "NAT" and "VPN-1 & FireWall-1" are my best options, there doesn't seem to be an "access" option.

Another issue is that sk122323 does not indicated how to remove the filter or confirm that it was applied correctly.

Would this work?

cp_log_export add name sp2 target-server x.x.x.x target-port 514 protocol udp format syslog read-mode semi-unified
cp_log_export restart name sp2

cp_log_export set name sp2 filter-blade-in "VPN-1 & Firewall-1,NAT"

 

(Running on R81)

Thanks!

RK

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2021-04-01 01:17 PM

I don't know that NAT is a valid option for Blades, or at least sk122323 doesn't suggest it is.
However, it if shows in the Product field of the relevant log entries, maybe it'll work?
To ensure you get all relevant logs, I'd use:  VPN-1 & FireWall-1,Firewall,Application Control,URL Filtering (and NAT if it's actually listed).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top