Third party syslog integration

Question asked by Oded Bergman on Dec 17, 2015
Latest reply on Sep 20, 2017 by Hugo van der Kooij

Check Point Log Server can read third party syslogs. It requires a parsing file that defines how to convert the syslog message into a Check Point log - which value to read and which Check Point log field to fill it into. A different parsing file is required for each type of syslog. Creating this parsing file is a manual procedure, done once, using an easy graphical tool. The procedure is a learning machine based on samples of the syslog messages. See the full procedure in this SK:

sk55020 - How to generate a log parser for third party syslogs
Once the parsing file is created, locate it in the Log Server and from now on the Log Server can read the third party syslogs and convert them into Check Point logs. Once they appear as Check Point logs in the Log Server, the Log Server forwards them to SmartEvent server like any other logs.
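As an added illustration of what such a parsing file has to express (this is example code, not Check Point's parser format and not part of the original post), the block below splits a BSD-style syslog line into its header and message, pulls key=value pairs out of the message, and then applies a mapping table that says which third-party value lands in which target log field. The target field names (`origin`, `product`, `src`, `dst`, `service`, `action`, `rule_name`) and the sample lines are assumptions constructed for the example; the mapping table is the part a real parsing file would have to define per syslog type.

```python
"""Illustrative syslog -> structured log-field mapper (example code, not
Check Point's parsing-file format). The field names and sample lines below
are constructed for this example."""
import re
from typing import Any, Dict

# RFC 3164 style header: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
# key=value or key="quoted value" tokens inside the message part
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Hypothetical mapping: third-party key -> target log field. This is the
# piece that must be defined once per syslog type; names are assumed here.
FIELD_MAP: Dict[str, str] = {
    "src": "src",
    "dst": "dst",
    "proto": "proto",
    "dport": "service",
    "action": "action",
    "rule": "rule_name",
}


def parse_syslog(line: str) -> Dict[str, Any]:
    """Split one syslog line into header fields and the free-text message."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not a recognised syslog line: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:
        raise ValueError(f"PRI out of range: {pri}")
    return {
        "facility": pri // 8,
        "severity": SEVERITIES[pri % 8],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": m.group("pid"),
        "message": m.group("msg"),
    }


def parse_kv(message: str) -> Dict[str, str]:
    """Extract key=value pairs; quoted values keep their spaces."""
    return {k: v.strip('"') for k, v in KV_RE.findall(message)}


def to_log_record(line: str, field_map: Dict[str, str] = FIELD_MAP) -> Dict[str, Any]:
    """Convert a third-party syslog line into a target-field record.

    Keys present in the message but absent from field_map are reported under
    'unmapped_fields' so a gap in the mapping is visible instead of silent.
    """
    hdr = parse_syslog(line)
    kv = parse_kv(hdr["message"])
    record: Dict[str, Any] = {
        "origin": hdr["host"],
        "product": hdr["tag"],
        "time": hdr["timestamp"],
        "syslog_severity": hdr["severity"],
    }
    for src_key, dst_key in field_map.items():
        if src_key in kv:
            record[dst_key] = kv[src_key]
    unmapped = sorted(set(kv) - set(field_map))
    if unmapped:
        record["unmapped_fields"] = unmapped
    return record


# Constructed sample lines (not real device output).
SAMPLE_LINES = [
    '<132>Dec 17 10:21:05 edge-fw01 fwd: action=drop src=192.0.2.10 '
    'dst=198.51.100.5 proto=tcp dport=445 rule="block smb" ifname=eth0',
    "<38>Dec 17 10:22:00 edge-fw01 sshd[4711]: Accepted publickey for ops",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(to_log_record(sample))
```

Running the block prints one record per sample line; the first shows `ifname` listed under `unmapped_fields`, which is the signal that the mapping table needs another entry before that syslog type is fully covered.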