chinmay12
Participant

We are sending logs to Microsoft Sentinel, but how do we check what logs we are sending?

When I use the command cp_log_export show, it does show the Sentinel IP address as the target server, but it doesn't tell me what logs we are sending. How do I check that?

1 Solution

Accepted Solutions
the_rock
Legend

It's all in the file below; just make sure you go to the right path based on your config. Example in my lab.

Andy

[Expert@CP-MANAGEMENT:0]# cd /opt/CPrt-R82/log_exporter/targets/test-log/
[Expert@CP-MANAGEMENT:0]# vi targetConfiguration.xml
[Expert@CP-MANAGEMENT:0]#


0 Kudos
8 Replies
chinmay12
Participant

Thanks Rock 🙂

0 Kudos
the_rock
Legend

Glad we can help. Btw, I attached a short video to demonstrate; it's all set up via SmartConsole now, no need to do anything via SSH actually.

Andy

0 Kudos
chinmay12
Participant

Thanks Rock, it helps a lot. Also, could you please direct me to an article which explains how to build a .XML file for granular log forwarding?

0 Kudos
the_rock
Legend

Here is one example. BUT, as a TAC guy told me once, which sort of goes without saying actually, make sure to back up the original file first, in case you need it, and then you can make whatever changes.

Andy

https://support.checkpoint.com/results/sk/sk174145

0 Kudos
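The accepted answer points at targetConfiguration.xml under the target directory, and the later reply links the SK on building that file for granular filtering. The script below is an added example, not Check Point's code or anything from the thread: it walks whatever XML is in that file generically (element names are not assumed, because the real schema is not on this page) and separates destination settings from anything filter-related, so you can see at a glance whether a target forwards everything or only a filtered subset. The embedded sample XML is constructed with hypothetical element names for an offline run; point the script at a real target directory to inspect an actual configuration.

```python
"""Inspect a Log Exporter target configuration offline.

Added example, not Check Point's code. The sample XML is constructed with
hypothetical element names; the parser walks the tree generically so it does
not depend on the real schema.
"""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample (hypothetical element names). A real file lives under
# /opt/CPrt-R82/log_exporter/targets/<target-name>/targetConfiguration.xml
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<target_configuration>
  <target_name>test-log</target_name>
  <target_server>10.0.0.5</target_server>
  <target_port>514</target_port>
  <protocol>udp</protocol>
  <format>cef</format>
  <filters>
    <filter>
      <field>product</field>
      <value>Firewall</value>
    </filter>
    <filter>
      <field>action</field>
      <value>Drop</value>
    </filter>
  </filters>
</target_configuration>
"""


def flatten(element, path=None):
    """Return {path: text} for every leaf element.

    Sibling elements with the same tag get an index (filter[0], filter[1]) so
    repeated filter entries do not overwrite each other.
    """
    path = element.tag if path is None else path
    children = list(element)
    if not children:
        return {path: (element.text or "").strip()}
    out, seen = {}, {}
    for child in children:
        i = seen.get(child.tag, 0)
        seen[child.tag] = i + 1
        out.update(flatten(child, f"{path}/{child.tag}[{i}]"))
    return out


def summarize(xml_text):
    """Split leaves into destination settings and filter-related entries.

    Any leaf whose path mentions 'filter' is treated as a filter rule; the
    rest are keyed by their bare tag name (target_server, target_port, ...).
    """
    leaves = flatten(ET.fromstring(xml_text))
    destination, filters = {}, {}
    for path, value in leaves.items():
        if "filter" in path.lower():
            filters[path] = value
        else:
            tag = path.rsplit("/", 1)[-1].split("[")[0]
            destination[tag] = value
    return destination, filters


def load_target(target_dir):
    """Read the real file from a target directory (name from cp_log_export show)."""
    xml_path = Path(target_dir) / "targetConfiguration.xml"
    return summarize(xml_path.read_text())


if __name__ == "__main__":
    # Usage: python inspect_target.py /opt/CPrt-R82/log_exporter/targets/test-log
    dest, flt = load_target(sys.argv[1]) if len(sys.argv) > 1 else summarize(SAMPLE_XML)
    print("Destination:")
    for key, val in dest.items():
        print(f"  {key}: {val}")
    if flt:
        print("Filters:")
        for key, val in flt.items():
            print(f"  {key}: {val}")
    else:
        print("Filters: none (every log reaching this target is forwarded)")
```

An empty filter section is the answer to the original question in the common case: with no filter entries, the target forwards all logs the Log Exporter reads, which is also the case where Sentinel ingestion cost grows fastest. Run the script on a copy of the file rather than editing it in place, in line with the advice above to back up the original before changing anything.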
chinmay12
Participant

Thanks Rock, is there a best practice document which explains what logs can be forwarded to Sentinel, considering that there is a storage limitation with Sentinel?

0 Kudos
the_rock
Legend

I was thinking, if you need some sort of an official guide or document (apart from what I had already sent), maybe open a TAC case to verify.

Andy

0 Kudos