Hi,
I'm looking at this app, and it appears to be saying that you can get Check Point tracker logs via syslog, instead of OPSEC. Is this accurate, and if so, how did you do this?
I too have the same question...
Yes. There are two ways by which you can send Check Point tracker logs to an outside management server.
1. OPSEC LEA - Best option, but mostly works on Linux.
2. syslog - You can send logs to a syslog server. In this case Splunk will be the syslog server. The add-on will pick up the logs and extract all necessary fields.
Check the link below to know how to send Check Point logs via syslog. Feel free to contact me if you face any issue. I will be glad to help.
http://qostechnology.in/blog/syslog-integration-with-checkpoint/
Hi,
The link you posted (referenced below) does seem to be inaccessible and throws a 404 page. Any idea where I can find more documentation on this method?
Thanks
Thanks for letting us know. We moved to a new URL and the same is updated in my answer above as well.
Here is the correct URL
http://qostechnology.in/blog/syslog-integration-with-checkpoint/
You can email us for anything related to Check Point and Splunk at splunk@qostechnology.in
Thanks
Hi
We are busy configuring the Check Point add-on for Splunk via syslog. The first part is to direct the tracker logs to /var/log/messages - if we do this, will we still be able to see all the events in the SmartView Tracker application?
Thanks
Hi brandonf,
Tracker logs will not be touched by this add-on. One can see tracker logs just like before.
Thanks