TSOL
Advisor

Direct log forwarding from Quantum Spark to on-prem SIEM

Hi experts,

We are currently using multiple Quantum Spark appliances managed by Smart-1 Cloud.
We are planning to introduce an on-prem SIEM (including a syslog feature) in order to perform correlation analysis
together with logs from our other network devices.

However, when using the Smart-1 Cloud Log Exporter, log forwarding is subject to
ingestion-based billing. To avoid additional costs, we would prefer to have the
Gateway itself send logs directly to our on-prem SIEM server.

I would like to ask for clarification on the following points:

1. Under Smart-1 Cloud management, is it possible for a Gateway to send logs
both to an external SIEM server and to Smart-1 Cloud at the same time?

2. If direct log forwarding from the Gateway is supported, does it require any
additional licenses?

Our intention is to continue using Smart-1 Cloud for management, while forwarding logs
independently from the Gateway directly to our SIEM.

If anyone has experience with this setup or detailed knowledge of the official
specifications, your guidance would be greatly appreciated.

Thank you in advance.

0 Kudos
4 Replies
Chris_Atkinson
MVP Gold CHKP

Typically configuring a syslog server entry in GAiA OS would yield only local OS logs, security logs come via the Management.

CCSM R77/R80/ELITE
0 Kudos
AkosBakos
MVP Silver

Hi @TSOL 

Maybe this is what you are looking for 🙂

https://sc1.checkpoint.com/documents/Appliances/Quantum_Spark_R82.00.X/CLI/EN/Content/Topics/add-net...

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
PhoneBoy
Admin

Not sure SIEMs can ingest Netflow.
Also, Netflow only communicates active connections.

0 Kudos
PhoneBoy
Admin

For regular (non-SMB) gateways, there is: https://support.checkpoint.com/results/sk/sk87560 
Note this only gets firewall logs, not logs for other blades.
Not sure you can set an external syslog server for security logs on a centrally managed SMB.

0 Kudos
