Hi Team,
We've been trying to set things up to automate the log upload process for Microsoft Cloud apps discovery. We first tried setting the Check Point log format to Syslog and set the Microsoft receiver type to syslog. But we saw that the Microsoft side did not parse it correctly; it returned an error.
Has anyone made this work without using a custom log parser? We are trying to do it using the continuous log upload procedure.
Regards
Can you send us an error, please?
Andy
Hi Andy,
We uploaded successfully, but Microsoft did not parse it and threw the above error, as you will see. The Microsoft side says that they support Check Point, but they cannot parse it. We want to use the feature.
The end of the line is cut off in the picture; it is
CHECKPOINT_CEF_SYSLOG
So it's complaining about the log format. Can you send the output of cp_log_export show?
Andy
name: MicrosoftCloudApp-logcollector
enabled: false
target-server: 10.X.X.X
target-port: 514
protocol: udp
format: syslog
read-mode: semi-unified
export-attachment-ids: false
export-link: false
export-attachment-link: false
time-in-milli: false
export-log-position: false
reconnect-interval: Not configured, using default
Not sure then why it does not parse it on the other side, since you selected syslog. Did you reach out to their support?
Andy
Nope, the Check Point side has already published an SK for that purpose. https://support.checkpoint.com/results/sk/sk177524
However, some say that they achieve this by using the CEF format. https://community.checkpoint.com/t5/Management/Log-Exporter-to-Microsoft-Defender-for-Cloud-Apps/td-...
We also tried it, but still no luck. I just opened this to check whether anyone else has achieved it.
Regards
Not sure if that sk would be 100% applicable in your case, but I would certainly try with different formats to see if it makes any difference.
Andy
When I followed the SK, I saw the Microsoft side report. They correctly parse the data I uploaded. But I just want to do it the automated way.
That's fine for the report, but the question is: does it work regardless of what log format you use?
Andy
You need a CSV file from the Check Point side, made by using logexport. Then you have to tell Microsoft which column headers you need to parse and also the delimiter. That's it. Then you upload the CSV file you got from Check Point. It will upload, try to parse it, and notify you.
K, sounds good.
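A format check to run on lines captured at the log collector, added here as an example and not taken from the thread, Check Point or Microsoft: it tests each line for a well-formed CEF header (`CEF:<version>|` followed by six pipe-terminated fields). The sample lines are constructed, and that the Microsoft data source expects CEF is an assumption drawn from the CHECKPOINT_CEF_SYSLOG name quoted above.

```python
import re
from collections import Counter

# CEF layout: CEF:<version>|vendor|product|device version|signature id|name|severity|extension
CEF_MARKER = re.compile(r"CEF:(\d+)\|")
FIELDS = ("vendor", "product", "device_version", "signature_id", "name", "severity")

def split_header(text, nfields):
    """Split off nfields pipe-terminated fields, honouring the \\| and \\\\ escapes."""
    fields, current, i = [], [], 0
    while i < len(text) and len(fields) < nfields:
        ch = text[i]
        if ch == "\\" and text[i + 1:i + 2] in ("|", "\\"):
            current.append(text[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    return fields, text[i:]  # remainder is the key=value extension, left untouched

def classify(line):
    """Return ("cef", header) for a well-formed CEF record, else ("not-cef", reason)."""
    m = CEF_MARKER.search(line)
    if not m:
        return "not-cef", "no CEF:<version>| marker"
    fields, extension = split_header(line[m.end():], len(FIELDS))
    if len(fields) < len(FIELDS):
        return "not-cef", "CEF header truncated after %d fields" % len(fields)
    header = dict(zip(FIELDS, fields), cef_version=m.group(1), extension=extension)
    return "cef", header

def summarize(lines):
    """Count how many captured lines are CEF and how many are not."""
    return Counter(classify(line)[0] for line in lines)

# Constructed sample lines (not real exporter output).
SAMPLES = [
    '<134>Dec  1 10:00:00 gw1 CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|Accept|Unknown|act=Accept src=192.0.2.10 dst=198.51.100.7',
    '<134>1 2025-12-01T10:00:00Z gw1 CheckPoint 1234 - [action:"Accept"; src:"192.0.2.10"]',
    'CEF:0|Check Point|VPN-1',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line))
```

If every captured line comes back as "not-cef" while the receiving data source is set to a CEF type, the mismatch is on the export side rather than in the receiver's parser.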