Re: Logs are encrypted

changhieuzi · ‎11-14-2012

Hi,
I collect logs from Checkpoint firewall and these logs are encrypted. How do Splunk read and analyze this log ?

sowings · ‎11-21-2012

Do you need the Checkpoint LEA log grabber?

http://splunk-base.splunk.com/apps/22386/opsec-lea-for-check-point-linux

changhieuzi · ‎11-21-2012

Hi !
I will explain in detail my network diagram and my problem below
Network diagram
Checkpoint FW >> Syslog server >> Splunk
(mean: The first Checkpoint FW generates logs >> These logs are forwarded to syslog server which is Windows server 2k8(then user copies these logs to storage device) >> upload offline to Splunk server to index).
My problem is the logs data which is encrypted when they came out from FW
How do I do to read the logs?
Thank you !!

There are 2 pics which are logs in display. I uploaded they to my dropbox
https://www.dropbox.com/s/iyoht5ttyz02w9k/logviewer1.png
https://www.dropbox.com/s/qftwn15y12bguws/logviewer2.png

changhieuzi · ‎11-20-2012

There are 2 pics which are logs in display. I uploaded they to my dropbox
https://www.dropbox.com/s/iyoht5ttyz02w9k/logviewer1.png

https://www.dropbox.com/s/qftwn15y12bguws/logviewer2.png

changhieuzi · ‎11-20-2012

Hi !
I will explain in detail my network diagram and my problem below

Network diagram
Checkpoint FW >> Syslog server >> Splunk
(mean: The first Checkpoint FW generates logs >> These logs are forwarded to syslog server which is Windows server 2k8(then user copies these logs to storage device) >> upload offline to Splunk server to index).

My problem is the logs data which is encrypted when they came out from FW

How do I do to read the logs?

Thank you !!

Ayn · ‎11-15-2012

Really encrypted or just in Checkpoint's binary format?

martin_mueller · ‎11-15-2012

You can write a decrypting script and run it as a scripted input.

Logs are encrypted

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk