
R80.10 Syslog Exporter

Discussion created by Heiko Ankenbrand Champion on Mar 19, 2018
Latest reply on Dec 3, 2018 by TOM MORAN

Via Check Point Support you get a Syslog exporter for SIEM applications for R80.10 Management.

It allows an easy and secure method for exporting CP logs over syslog. Exporting can be done in a few standard protocols and formats.

Log Exporter supports:

  • Splunk
  • Arcsight
  • RSA
  • LogRhythm
  • QRadar
  • McAfee

Log Exporter is a multi-threaded daemon service, running on a log server. Each log that is written on the log server is read by the log exporter daemon, transformed into the desired format and mapping, and then sent to the end target.


Installation on R80.10 Jumbo Hotfix Take 56 or higher.


Syntax:

# cp_log_export add name <name> [domain-server <domain-server>] target-server <target-server> target-port <target-port> protocol <(udp|tcp)> [optional arguments]


Command Name   Command Description
add            Deploy a new Check Point logs exporter.
set            Updates an exporter's configuration.
delete         Removes an exporter.
show           Prints an exporter's current configuration.
status         Shows an exporter's overview status.
start          Starts an exporter process.
stop           Stops an exporter process.
restart        Restarts an exporter process.
reexport       Resets the current position, and re-exports all logs per the configuration.


Regards,

Heiko

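An added example, not part of the original post or of Check Point's tooling: a small expert-mode shell wrapper around the cp_log_export add syntax quoted in the post. It validates the exporter name, target server, port and protocol before anything is handed to the real command, composes the add command line (with the optional domain-server argument for a Multi-Domain server), and then runs add, start and status in sequence. The name, target and port values are constructed sample input; the assumption that start and status take "name <name>" the same way add does is mine, not something the post states, so check it against cp_log_export on your own server before relying on it.

```shell
#!/bin/bash
# Added example (not from the original post): wrapper around
#   cp_log_export add name <name> [domain-server <d>] target-server <t> target-port <p> protocol <udp|tcp>
# intended for expert mode on an R80.10 management / log server.

_lx_err() { echo "cp_log_export wrapper: $*" >&2; }

# Print the full "cp_log_export add ..." command line for the given arguments.
# Returns non-zero (and prints nothing on stdout) if an argument is invalid.
# Usage: build_log_export_cmd <name> <target-server> <target-port> <udp|tcp> [domain-server]
build_log_export_cmd() {
    local name="$1" target="$2" port="$3" proto="$4" domain="$5" cmd

    # Policy choice for this wrapper: exporter names are limited to a safe
    # character set so they can never be mistaken for further arguments.
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) _lx_err "invalid exporter name: '$name'"; return 1 ;;
    esac

    # Target server must be a single token (IP or hostname), no whitespace.
    case "$target" in
        ''|*[[:space:]]*) _lx_err "invalid target-server: '$target'"; return 1 ;;
    esac

    # Port must be an integer in 1..65535.
    case "$port" in
        ''|*[!0-9]*) _lx_err "target-port must be numeric: '$port'"; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        _lx_err "target-port out of range: $port"; return 1
    fi

    # Only the two protocols listed in the add syntax are accepted.
    case "$proto" in
        udp|tcp) ;;
        *) _lx_err "protocol must be udp or tcp, got '$proto'"; return 1 ;;
    esac

    # Optional domain-server must also be a single token.
    case "$domain" in
        *[[:space:]]*) _lx_err "invalid domain-server: '$domain'"; return 1 ;;
    esac

    cmd="cp_log_export add name $name"
    if [ -n "$domain" ]; then
        cmd="$cmd domain-server $domain"
    fi
    cmd="$cmd target-server $target target-port $port protocol $proto"
    printf '%s\n' "$cmd"
}

# Validate, then run add / start / status for the new exporter.
# Set CP_LOG_EXPORT_DRY_RUN=1 to print the commands instead of executing them.
# Usage: deploy_log_exporter <name> <target-server> <target-port> <udp|tcp> [domain-server]
deploy_log_exporter() {
    local name="$1" cmd step
    cmd="$(build_log_export_cmd "$@")" || return 1

    # Assumption (not stated in the post): start and status take "name <name>"
    # in the same way the add command does.
    for step in "$cmd" \
                "cp_log_export start name $name" \
                "cp_log_export status name $name"; do
        if [ "${CP_LOG_EXPORT_DRY_RUN:-0}" = "1" ]; then
            printf 'dry-run: %s\n' "$step"
        else
            printf '+ %s\n' "$step"
            # Arguments were validated above, so unquoted word splitting is safe here.
            $step || { _lx_err "step failed: $step"; return 1; }
        fi
    done
}

# Demonstration with constructed sample values; dry-run so nothing is changed.
CP_LOG_EXPORT_DRY_RUN=1 deploy_log_exporter siem-splunk 10.1.2.3 514 tcp
```

Run it without CP_LOG_EXPORT_DRY_RUN to actually create and start the exporter; the wrapper stops at the first failing step so a rejected add never leads to a start against a non-existent exporter. TCP is used in the sample because UDP syslog silently drops events under load, which matters when the SIEM is your audit record.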