Best way to collect logs from Checkpoint and Blue Coat Proxies?

daniel_augustyn
Contributor

What is the best way to collect logs from the devices that I can't install Universal Forwarders on? Should I use the available apps like the ones for Checkpoint and Blue Coat? Would I even need these apps? Or should I just import the logs directly to a heavy forwarder?

These are the questions I have:

Do I need an app for a specific device if UF is not available to be installed on that device?
Do I need to install heavy forwarders for these types of logs?

0 Karma
ryanlait
Explorer

I cannot speak for Checkpoint, but forwarding BlueCoat logs via syslog to our heavy forwarder has been simple and effective for me.

Configure a UDP listener on a heavy forwarder and configure your BlueCoat(s) to forward logs to your heavy forwarder IP:port via syslog.

We've written a few custom search queries and dashboards but the BlueCoat app is a good starting point.

0 Karma

mreynov_splunk
Splunk Employee

The best practice for cases like this is to set up a syslog aggregator like syslog-ng, forward your logs to it, and install the UF on the syslog-ng server.

0 Karma
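
The two collection paths described in the answers above, sketched as Splunk `inputs.conf` stanzas. This is an added example, not configuration posted by either answerer; the port, source address, index name, sourcetype and directory layout are assumptions to adapt to your environment.

```ini
# --- Option A: the heavy forwarder listens for syslog directly ---
# File (assumed location): $SPLUNK_HOME/etc/system/local/inputs.conf
#                          on the heavy forwarder.
# Assumed port. It must match the port configured on the proxy, and
# binding a port below 1024 on Linux requires root privileges.
[udp://514]
# Assumed sourcetype: use the one your Blue Coat app or add-on expects.
sourcetype = bluecoat:proxysg:access:syslog
# Assumed index name.
index = proxy
# Take the event's host field from the sender's IP address.
connection_host = ip
# Accept datagrams only from the proxy. 192.0.2.10 is a constructed
# documentation address; replace it with the real proxy IP(s).
acceptFrom = 192.0.2.10

# --- Option B: syslog-ng writes files, a Universal Forwarder reads them ---
# File (assumed location): $SPLUNK_HOME/etc/system/local/inputs.conf
#                          on the UF installed on the syslog-ng server.
# Assumed layout: syslog-ng writes one directory per sending device, e.g.
#   /var/log/remote/bluecoat/<device-hostname>/access.log
[monitor:///var/log/remote/bluecoat/*/access.log]
# Same assumed sourcetype and index as above.
sourcetype = bluecoat:proxysg:access:syslog
index = proxy
# Use the 5th path segment (<device-hostname>) as the event's host, so
# events are attributed to the proxy rather than to the syslog server.
host_segment = 5
```

With Option A, UDP datagrams that arrive while the forwarder is restarting are lost; Option B keeps receiving into files during a restart and the UF resumes reading where it left off.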