- CheckMates
- :
- Products
- :
- Quantum
- :
- SMB Gateways (Spark)
- :
- How to send log from Checkpoint moreover Opsec LEA
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to send log from Checkpoint moreover Opsec LEA
Hi All I would like to know how to send log moreover opseclea ? such as Syslog also if send from Syslog should add plug-in or add-on or not , could you please suggest to me Firmware R77.20 The logging server is Splunk Thank you
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you use central management, you can use Log Exporter (check sk122323) or connect using the Splunk Check Point addon.
You can also send syslog to a log server directly from SMB appliances in both locally and centrally managed SMBs:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you use central management, you can use Log Exporter (check sk122323) or connect using the Splunk Check Point addon.
You can also send syslog to a log server directly from SMB appliances in both locally and centrally managed SMBs:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI R77.20 Can install Log export plug-in? Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can install Log Export or use LEA on a R77.30 or R80.X security management server which manages a SMB appliance.
If locally managed, you have to send Syslog directly from the appliance as shown in the screenshot. No support for LEA then.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Log Exporter is only available from R77.30 and not available for locally managed SMB appliances.
The syslog support will only get device logs (not security logs).
You cannot to my knowledge, configure a LEA connection between an SMB appliance and Splunk.
You can configure a LEA connection with a Check Point log server and configure Splunk to pull from that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi thank for answer I have a little bit question now I have to integrate send a log from mgmt with opseclea application to Splunk server but I have found an issue about the Splunk server on window base is support opsec lea or not .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you are pulling the logs from a Check Point management/log server R77.30 and above, use Log Exporter: Log Exporter - Splunk Integration Update
This does not require LEA at all as it uses syslog.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Dameon Welch-Abernathy Limitation of Syslog can get log such as firewall log or just device log if use log exporter
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You will get the security logs into splunk. For more information see this discussion: *New* Splunk App for Check Point Logs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can send all the security logs you seen in SmartLog with Log Exporter.
The advantage is that now MGMT is actively sending logs to Splunk, whereas with LEA Splunk has to actively collects logs from MGMT.