Hi,
I collect logs from Checkpoint firewall and these logs are encrypted. How do Splunk read and analyze this log ?
Do you need the Checkpoint LEA log grabber?
http://splunk-base.splunk.com/apps/22386/opsec-lea-for-check-point-linux
Hi !
I will explain in detail my network diagram and my problem below
Network diagram
Checkpoint FW >> Syslog server >> Splunk
(mean: The first Checkpoint FW generates logs >> These logs are forwarded to syslog server which is Windows server 2k8(then user copies these logs to storage device) >> upload offline to Splunk server to index).
My problem is the logs data which is encrypted when they came out from FW
How do I do to read the logs?
Thank you !!
There are 2 pics which are logs in display. I uploaded they to my dropbox
https://www.dropbox.com/s/iyoht5ttyz02w9k/logviewer1.png
https://www.dropbox.com/s/qftwn15y12bguws/logviewer2.png
There are 2 pics which are logs in display. I uploaded they to my dropbox
https://www.dropbox.com/s/iyoht5ttyz02w9k/logviewer1.png
Hi !
I will explain in detail my network diagram and my problem below
Network diagram
Checkpoint FW >> Syslog server >> Splunk
(mean: The first Checkpoint FW generates logs >> These logs are forwarded to syslog server which is Windows server 2k8(then user copies these logs to storage device) >> upload offline to Splunk server to index).
My problem is the logs data which is encrypted when they came out from FW
How do I do to read the logs?
Thank you !!
Really encrypted or just in Checkpoint's binary format?
You can write a decrypting script and run it as a scripted input.