NhatKha
Contributor

Export log from 6200 appliance to SIEM Server

Hello everyone,

 

Currently, I have a question about exporting logs from the 6200 appliance (security log + system log) to a Splunk server.

Product: 6200 appliance + cluster + distributed, managed by Smart-1 Cloud
Version: R81.20 take 84

The 6200 cluster is placed at HO; the Splunk server is placed at our data center.
The Splunk server is an internal server => it can't be made public (our internal policy + high risk) => we can't use Smart-1 Cloud to export logs to it (Smart-1 Cloud requires the server to be public if you want to export logs to it).
The only way is to export logs directly from the 6200 cluster to the Splunk server using a VPN tunnel. But I can't find any feature or document that talks about it.
Has anyone faced this problem before? Please help me.

Note: My company is already using 12 SMB appliances, and they have the feature External Log Servers > add syslog server (I used this feature to export logs to the Splunk server through a VPN tunnel).

 

Thanks & Best Regards,

Do Nhat Kha

0 Kudos
4 Replies
PhoneBoy
Admin

You can export Firewall (not other blade logs) directly from a gateway.
See: https://support.checkpoint.com/results/sk/sk87560 

For logs from other blades, you are subject to the restrictions of Smart-1 Cloud.

NhatKha
Contributor

Thank you, I will try the sk87560 that you suggest and will respond with results later today.

0 Kudos
JP_Rex
Collaborator

Another solution might be to set up a dedicated log server (CPSM-NGSM5-LOG). Not cheap, but you can place it where you need it.

 

Regards

 

Peter

0 Kudos
PhoneBoy
Admin

Don't believe this is possible with Smart-1 Cloud, but I'll double check.

0 Kudos
