AnsweredAssumed Answered

ArcSight Parser R80.10 & R80

Question asked by Maarten Lutterman on Nov 10, 2017
Latest reply on Mar 21, 2018 by Yonatan Philip

Hi,

 

I have a question regarding collecting logs from Check Point to ArcSight (SIEM) for version R80 and R80.10.

The LEA connection doesn't work very well anymore, also the workaround to degrade the certificate to SHA1 and than configure the connection doesn't always work because the CRL is signed with SHA2.

We now use CPlogtoSyslog for R80 and R80.10. unfortunately there is no parser to correct interpret the log files. So we wrote a custom parser for R80 but in R80.10 the log format is completely changed again.

I can't imagine that there is no one else with this problem. Does anyone have a parser or a other smart solution to tackle this problem?

 

Please let me know!

 

Best Regards,

 

Maarten Lutterman

Outcomes