
Exporting R80.10 logs to Logstash ( ElasticSearch integration)

Question asked by Lukas Nagy on Aug 25, 2017
Latest reply on Aug 25, 2017 by Dameon Welch-Abernathy



We are trying to integrate logs from the Check Point Management server into Logstash. We are using the open-source tool fw1-loggrabber, with support for the new OPSEC API (SHA-256). Exporting works; however, I couldn't find proper documentation of the fields that can be found in the logs. There is not really a true structure to the logs: many lines have different fields, and those fields are not documented.


Is there a document that shows every field that can be exported? I just found an old LEA document, but it is missing a lot of fields.


Writing rules for matching in Logstash is very difficult without knowing what we can expect. We were following Check Point Firewall Logs and Logstash (ELK) Integration - /dev/random


Thank you for any insight into how we can do this better.