sameerm (Explorer)

Can traffic logs (fw.log) be sent directly to a SIEM from a firewall running R80.20?

Hi Team,

We are looking to offload our MDS/MLM by sending traffic logs directly from the firewall to the SIEM solution. Can Log Exporter send traffic logs (fw.log) directly from the firewall to the SIEM? Firewalls and MDS/MLM are running R80.20 with the latest take.

SIEM solution is QRadar.

 

Thanks

Sameer

 

5 Replies
PhoneBoy (Admin)

Log Exporter can only run on a log server, which includes SMS/MDM/MLM, not a Security Gateway.
Gateways can be configured to send Firewall logs directly to a location, but this does not include other blades like IPS and App Control, so it will be incomplete.
sameerm (Explorer)

Thanks for your reply @PhoneBoy!
We don't want the SIEM solution to fetch logs from the MDS/MLM; instead, we're looking for a solution where the gateway can directly send its fw.log to the SIEM solution.
Can a gateway (R80.20) send its logs (fw.log) to the SIEM (QRadar)? Of course, firewall logs only for now.
PhoneBoy (Admin)

Here's how you configure a Check Point gateway to send firewall logs to a syslog server:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Whether QRadar will receive and parse these logs is a different question.
Whether this information will yield useful information in QRadar without information from the other blades is another separate question.
The only supported and recommended method is to use Log Exporter.
FedericoMeiners (Advisor)

Personal experience: Log Exporter + QRadar works great; you won't have to do any parsing at all for most use cases and correlations.

____________
https://www.linkedin.com/in/federicomeiners/
FedericoMeiners (Advisor)

It's important to mention that you can forward syslog messages from the gateways to the management server. You can set this up on the Web UI of each gateway that runs Gaia OS.

If you do this + log exporter on the management you will have complete overview of your gateways in the SIEM.

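Putting the two answers together (PhoneBoy: Log Exporter on the log server is the supported path; Federico: forward each gateway's Gaia syslog to the management/log server so the SIEM also sees OS-level events), the commands below are an added example and are not from the original thread or from Check Point documentation. The first part is typed in Gaia clish on each Security Gateway, the second in expert mode on the SMS/MLM (on an MDS, run `mdsenv <Domain>` first or pass `domain-server <Domain>` to `cp_log_export`). The addresses 10.0.0.10 (log server) and 10.0.0.20 (QRadar event collector), port 514 and the exporter name `qradar` are placeholders.

```text
# --- Gaia clish, on each Security Gateway -----------------------------------
# Forward the gateway's OS syslog (sshd, cpd, clish audit, ...) to the log
# server. This does NOT move fw.log; traffic logs still flow gateway -> log
# server as before.
add syslog log-remote-address 10.0.0.10 level info
show syslog all
save config

# --- Expert mode, on the SMS / MLM that holds the logs ------------------------
# Log Exporter reads the log server's unified log and pushes every blade's
# records (Firewall, IPS, Application Control, syslog received from the
# gateways, ...) to the SIEM. LEEF is QRadar's native event format, so no
# custom DSM parsing is needed for the common fields.
cp_log_export add name qradar target-server 10.0.0.20 target-port 514 protocol tcp format leef

# Verify the exporter definition, confirm it is running, and restart it after
# any change.
cp_log_export show name qradar
cp_log_export status name qradar
cp_log_export restart name qradar
```

The point to keep in mind when offloading the MLM is that the gateway-to-syslog path PhoneBoy links to carries firewall logs only, while the `cp_log_export` path carries all blades from the log server; the export still runs on the log server, it just removes the SIEM-side polling of the MDS/MLM.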
