Arturxr
Explorer

Export logs from /var/log/messages in CEF format

Hello, is it possible to export logs from /var/log/messages in CEF format to a SIEM system?
It is known that it is not possible to do it through cp_log_export, and with sk102995 there is no way to change the format to CEF.
4 Replies
G_W_Albrecht
Legend

See sk122323: Log Exporter - Check Point Log Export:

Formats: Syslog, Splunk, CEF, LEEF, Generic, JSON, LogRhythm, RSA

cp_log_export add name <Name> [domain-server <Name or IP address of Domain Server>] target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {udp | tcp} format {syslog | splunk | cef | leef | generic | json | logrhythm | rsa}

CCSE CCTE SMB Specialist
Arturxr
Explorer

Hello, I looked at this sk; there is no way to export specifically /var/log/messages, and the manufacturer says the same.

G_W_Albrecht
Legend

Look into this discussion about getting logs from the Security Gateway (not traffic-related logs, but, for example, /var/log/messages) from syslog:

https://community.checkpoint.com/t5/General-Topics/Syslog-messages-from-the-Security-Gateway/td-p/31...


CCSE CCTE SMB Specialist
PhoneBoy
Admin

Log Exporter can export Security Logs (not from /var/log/messages) in CEF format.
You can send OS logs to the Security Logs as @G_W_Albrecht mentions, which can then be exported as CEF.
However, I suspect the result of that may not be what you’re after.

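Since Log Exporter only emits CEF for Security Logs, the other route to a SIEM is a separate forwarder that reads /var/log/messages itself. The following is an added example, not code from this thread or from Check Point: a small Python converter that turns syslog lines in the /var/log/messages layout into CEF:0 records, applying the header and extension escaping rules a CEF consumer expects. The vendor/product/version strings, the use of the process name as signature id, and the severity heuristic are assumptions chosen for illustration; the sample lines are constructed.

```python
import re

# Constructed sample lines in the classic /var/log/messages (BSD/RFC 3164 style) layout.
SAMPLE_MESSAGES = """\
Mar 12 10:15:01 gw1 sshd[2314]: Accepted publickey for admin from 10.1.2.3 port 51234 ssh2
Mar 12 10:15:07 gw1 sshd[2320]: Failed password for invalid user test from 10.1.2.9 port 40211 ssh2
Mar 12 10:16:00 gw1 kernel: eth1: link down
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def cef_header_escape(value):
    # CEF header fields: backslash and pipe must be escaped.
    return value.replace("\\", "\\\\").replace("|", "\\|")

def cef_ext_escape(value):
    # CEF extension values: backslash, equals sign and line breaks must be escaped.
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "\\r").replace("\n", "\\n"))

def syslog_to_cef(line, vendor="OS", product="syslog", version="1.0"):
    """Return one CEF:0 record for a syslog line, or None if the line does not parse."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    proc, msg = m.group("proc").strip(), m.group("msg")
    # Severity is a 0-10 CEF value; failures and denials are rated above informational lines
    # (assumed heuristic for the example, not a vendor mapping).
    severity = 7 if re.search(r"\b(fail\w*|denied|invalid|error)\b", msg, re.I) else 3
    ext = {"dvchost": m.group("host"), "sproc": proc, "msg": msg}
    if m.group("pid"):
        ext["spid"] = m.group("pid")
    ip = re.search(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b", msg)
    if ip:
        ext["src"] = ip.group(1)
    # Header: Vendor|Product|Version|SignatureID|Name|Severity; the process name serves as the
    # signature id and the first 60 characters of the message as the event name.
    header = "|".join(cef_header_escape(v) for v in (vendor, product, version, proc, msg[:60], str(severity)))
    extension = " ".join(f"{k}={cef_ext_escape(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"

def convert_all(text):
    """Convert every parseable line of a /var/log/messages dump to CEF, skipping the rest."""
    return [c for c in (syslog_to_cef(l) for l in text.splitlines()) if c]

if __name__ == "__main__":
    print("\n".join(convert_all(SAMPLE_MESSAGES)))
```

In practice the converted records would be handed to a syslog sender pointed at the SIEM; the converter only produces the CEF text.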