My environment consists of CheckPoint Provider1 MDS/CMA/CLM: I'm running an MDS (MultiDomainServer) with multiple customer environments (CMA). However, all log traffic is sent back to our central log repository (CLM). Question is: How should I configure my Splunk CheckPoint application to retrieve all customer logs?
To retrieve CheckPoint logs from our CLM we did this:
In step 2, "push the OPSEC application to the CMA and CLM" should be revised to: "Install the database to the CMA"
Thanks for the correction, Mahesh!!!
You betcha!!!
Thanks, these were exactly the steps I needed!