- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Send Firewalls(Connections etc) Logs to SIEM/Syslo...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Send Firewalls(Connections etc) Logs to SIEM/Syslog Server
Hello All!
At this moment, our Firewalls are sending the logs to Security Management Server, but we also need send it to SIEM/Syslog server.
So the question is: Is it possible mantain the sendo of logs to SMS and also send connections logs to remote Syslog Server like IBM Qradar?
We need send it by syslog and we can not use OPSec integration option.
Thank you.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you want to send logs to a SIEM it needs to be done from management/log server anyway.
Log Exporter is the recommended way to do this (replaces OPSEC LEA).
See: https://community.checkpoint.com/t5/Management/Log-Exporter-guide/m-p/9035#M23472
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Definitely use Log Exporter to send syslog from Management Server to SIEM. Do not send syslog from the gateway itself, that's not the connection syslog you are looking for.
You can also configure Log Exporter with filter to send different syslog to multiple destination in case you have different destinations or integration that require to receive syslog.