Getting Data In

Logging Aggregation for Checkpoint Firewalls Logs

daniel_augustyn
Contributor

I am going slightly over my license limit from time to time because of the Checkpoint firewall logs. Is there a way to aggregate some of the firewalls logs before start indexing them into the Splunk indexers? Or the only option would be to add another 20GB of license to Splunk.

Tags (1)
0 Karma
1 Solution

David
Splunk Employee
Splunk Employee

I'm not aware of any option to do this. You could potentially try to hack your own via transforms or unarchive_cmd (search on answers for examples of either), but the Check point stuff can't really be aggregated easily.

View solution in original post

0 Karma

David
Splunk Employee
Splunk Employee

I'm not aware of any option to do this. You could potentially try to hack your own via transforms or unarchive_cmd (search on answers for examples of either), but the Check point stuff can't really be aggregated easily.

0 Karma
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...