This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arturxr
Explorer
‎2021-10-26 11:44 PM

Export logs from var / log / messages in cef format 

hello, is it possible to export logs from / var / log / messages in cef format to siem system?
It is known that it is not possible to do it through cp_log_export, and with sk102995 there is no way to change the format to cef.
0 Kudos
4 Replies
G_W_Albrecht
Legend
Legend
‎2021-10-27 12:04 AM

See sk122323: Log Exporter - Check Point Log Export :

Formats: Syslog, Splunk, CEF, LEEF, Generic, JSON, LogRhythm, RSA

cp_log_export add name <Name> [domain-server <Name or IP address of Domain Server>] target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {udp | tcp} format {syslog | splunk | cef | leef | generic | json | logrhythm | rsa}

CCSE CCTE CCSM SMB Specialist
0 Kudos
Arturxr
Explorer
‎2021-10-27 12:08 AM
In response to G_W_Albrecht

Hello, I looked at this sk, there is no way to export specifically / var / log / messages, the manufacturer says the same

0 Kudos
G_W_Albrecht
Legend
Legend
‎2021-10-27 01:36 AM
In response to Arturxr

Look into this discussion about getting logs from security gateway (not traffic related logs, but for example, /var/log/messages) from syslog:

https://community.checkpoint.com/t5/General-Topics/Syslog-messages-from-the-Security-Gateway/td-p/31...

 

CCSE CCTE CCSM SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2021-10-27 06:56 AM

Log Exporter can export Security Logs (not from /var/log/messages) in CEF format.
You can send OS logs to the Security Logs as @G_W_Albrecht mentions, which can then be exported as CEF.
However, I suspect the result of that may not be what you’re after.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫