This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Pattarachai_Kho
Participant
‎2019-02-01 01:55 AM
Jump to solution

How to send log from Checkpoint moreover Opsec LEA

Hi All   I would like to know how to send log moreover opseclea ? such as Syslog also if send from Syslog  should add plug-in or add-on or not , could you please suggest to me  Firmware R77.20   The logging server  is Splunk   Thank you     

1 Solution

Accepted Solutions
Pedro_Espindola
Employee
Employee
‎2019-02-01 06:02 AM
Jump to solution

If you use central management, you can use Log Exporter (check sk122323) or connect using the Splunk Check Point addon.

You can also send syslog to a log server directly from SMB appliances in both locally and centrally managed SMBs:

View solution in original post

0 Kudos
9 Replies
Pedro_Espindola
Employee
Employee
‎2019-02-01 06:02 AM
Jump to solution

If you use central management, you can use Log Exporter (check sk122323) or connect using the Splunk Check Point addon.

You can also send syslog to a log server directly from SMB appliances in both locally and centrally managed SMBs:

0 Kudos
Pattarachai_Kho
Participant
‎2019-02-02 02:46 AM
In response to Pedro_Espindola
Jump to solution

HI R77.20 Can install Log export  plug-in?  Thank you 

0 Kudos
Pedro_Espindola
Employee
Employee
‎2019-02-03 04:47 PM
In response to Pattarachai_Kho
Jump to solution

You can install Log Export or use LEA on a R77.30 or R80.X security management server which manages a SMB appliance.

If locally managed, you have to send Syslog directly from the appliance as shown in the screenshot. No support for LEA then.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-02 09:57 AM
Jump to solution

Log Exporter is only available from R77.30 and not available for locally managed SMB appliances.

The syslog support will only get device logs (not security logs).

You cannot to my knowledge, configure a LEA connection between an SMB appliance and Splunk.

You can configure a LEA connection with a Check Point log server and configure Splunk to pull from that.

0 Kudos
Pattarachai_Kho
Participant
‎2019-02-03 07:09 PM
In response to PhoneBoy
Jump to solution

Hi thank for answer I have a little bit question now I have to integrate send a log from mgmt with opseclea application to Splunk server but I have found an issue about the Splunk server on window base is support opsec lea or not . 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-04 03:02 AM
In response to Pattarachai_Kho
Jump to solution

If you are pulling the logs from a Check Point management/log server R77.30 and above, use Log Exporter: Log Exporter - Splunk Integration Update

This does not require LEA at all as it uses syslog.

Pattarachai_Kho
Participant
‎2019-02-04 11:58 PM
In response to PhoneBoy
Jump to solution

Hi Dameon Welch-Abernathy‌  Limitation of Syslog can get log such as firewall log  or just device  log  if use log exporter 

Thank you 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-02-05 03:56 AM
In response to Pattarachai_Kho
Jump to solution

You will get the security logs into splunk. For more information see this discussion: *New* Splunk App for Check Point Logs

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Pedro_Espindola
Employee
Employee
‎2019-02-05 07:20 AM
In response to Pattarachai_Kho
Jump to solution

You can send all the security logs you seen in SmartLog with Log Exporter.

The advantage is that now MGMT is actively sending logs to Splunk, whereas with LEA Splunk has to actively collects logs from MGMT.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events