Security

Logs are encrypted

New Member

Hi,
I collect logs from Checkpoint firewall and these logs are encrypted. How do Splunk read and analyze this log ?

Tags (1)
0 Karma

Splunk Employee
Splunk Employee
0 Karma

New Member

Hi !
I will explain in detail my network diagram and my problem below
Network diagram
Checkpoint FW >> Syslog server >> Splunk
(mean: The first Checkpoint FW generates logs >> These logs are forwarded to syslog server which is Windows server 2k8(then user copies these logs to storage device) >> upload offline to Splunk server to index).
My problem is the logs data which is encrypted when they came out from FW
How do I do to read the logs?
Thank you !!

There are 2 pics which are logs in display. I uploaded they to my dropbox
https://www.dropbox.com/s/iyoht5ttyz02w9k/logviewer1.png
https://www.dropbox.com/s/qftwn15y12bguws/logviewer2.png

0 Karma

New Member

There are 2 pics which are logs in display. I uploaded they to my dropbox
https://www.dropbox.com/s/iyoht5ttyz02w9k/logviewer1.png

https://www.dropbox.com/s/qftwn15y12bguws/logviewer2.png

0 Karma

New Member

Hi !
I will explain in detail my network diagram and my problem below

Network diagram
Checkpoint FW >> Syslog server >> Splunk
(mean: The first Checkpoint FW generates logs >> These logs are forwarded to syslog server which is Windows server 2k8(then user copies these logs to storage device) >> upload offline to Splunk server to index).

My problem is the logs data which is encrypted when they came out from FW

How do I do to read the logs?

Thank you !!

0 Karma

Legend

Really encrypted or just in Checkpoint's binary format?

0 Karma

SplunkTrust
SplunkTrust

You can write a decrypting script and run it as a scripted input.

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!