This video elaborate on Check Point's R80.20 log exporter feature, introducing an easy and secure method for exporting Check Point logs to 3rd party SIEM applications, using various protocols (like TCP or UDP) and formats (like syslog, CEF, or LEEF)
Splunk also has a Opsec Connection (LEA) to receive the logs. Is there an advantage to use this export feature?
While we will continue to support LEA for the time being, Log Exporter is going to be the recommended method for exporting logs to third party SIEMs going forward.
Thanks. Is there an SK for this? Perhaps that and a link to that or to the admin guide with the info about that would be beneficial in this thread.
The official SK: Log Exporter - Check Point Log Export
The "canonical" thread on CheckMates: Log Exporter guide
And so the loop is closed and it's all brought together.
Nice one, thank you Dameon.
Retrieving data ...