Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
rodrigoteixeira
Participant

Send Firewalls(Connections etc) Logs to SIEM/Syslog Server

Hello All!

At this moment, our Firewalls are sending the logs to Security Management Server, but we also need send it to SIEM/Syslog server.
So the question is: Is it possible mantain the sendo of logs to SMS and also send connections logs to remote Syslog Server like IBM Qradar?
We need send it by syslog and we can not use OPSec integration option.

Thank you.

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

If you want to send logs to a SIEM it needs to be done from management/log server anyway.
Log Exporter is the recommended way to do this (replaces OPSEC LEA).
See: https://community.checkpoint.com/t5/Management/Log-Exporter-guide/m-p/9035#M23472

Cyber_Serge
Collaborator

Definitely use Log Exporter to send syslog from Management Server to SIEM. Do not send syslog from the gateway itself, that's not the connection syslog you are looking for.

You can also configure Log Exporter with filter to send different syslog to multiple destination in case you have different destinations or integration that require to receive syslog.

0 Kudos