- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: How do you get Check Point tracker logs via sy...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do you get Check Point tracker logs via syslog using the Check Point Add On for Splunk via syslog - LEA Alternative?
Hi,
I'm looking at this app, and it appears to be saying that you can get checkpoint tracker logs via syslog, instead of OPSEC. Is this accurate, and if so, how did you do this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I too have the same question...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes. There are two ways by which you can send Check Point tracker logs to outside Management server.
1. OPSEC LEA. - Best option. But mostly works on linux.
2. syslog. You can send logs to syslog server. In this case Splunk will be syslog server. Add-On will pick up the logs and extract all necessary fields.
Check the link below to know how to send Check Point logs via syslog. Feel free to contact me if you face any issue. I will be glad to help.
http://qostechnology.in/blog/syslog-integration-with-checkpoint/
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The link you posted (referenced below) does seems to be inaccessible and throws 404 page. Any idea where I can more documentation on this method?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for letting us know. We moved to new URL and the same is updated in my answer above as well.
Here is the correct URL
http://qostechnology.in/blog/syslog-integration-with-checkpoint/
You can email us for anything related to Check Point and Splunk splunk@qostechnology.in
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
We are busy configuring the Checkpoint addon for Splunk via syslog. The first part is to direct the tracker logs to /var/log/messages - if we do this, will we still be able to see all the events in the Smartview Tracker application?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi brandonf,
Tracker logs will not be touched by this add on. One can see tracker logs just like before.
Thanks
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics!
New in Observability Cloud - Explicit Bucket Histograms
