Hello, is it possible to export logs from /var/log/messages in CEF format to a SIEM system?
It is known that it is not possible to do it through cp_log_export, and with sk102995 there is no way to change the format to CEF.
See sk122323: Log Exporter - Check Point Log Export:
Formats: Syslog, Splunk, CEF, LEEF, Generic, JSON, LogRhythm, RSA
cp_log_export add name <Name> [domain-server <Name or IP address of Domain Server>] target-server <HostName or IP address of Target Server> target-port <Port on Target Server> protocol {udp | tcp} format {syslog | splunk | cef | leef | generic | json | logrhythm | rsa}
Hello, I looked at this SK; there is no way to export specifically /var/log/messages, and the manufacturer says the same.
Look into this discussion about getting logs from a security gateway (not traffic-related logs, but, for example, /var/log/messages) from syslog:
Log Exporter can export Security Logs (not from /var/log/messages) in CEF format.
You can send OS logs to the Security Logs as @G_W_Albrecht mentions, which can then be exported as CEF.
However, I suspect the result of that may not be what you’re after.