We noticed that the default input for the Checkpoint OPSEC LEA app is only the current active fw.log file on the management server.
We have a situation where the firewall logs roll over rather quickly (several times a day), and due to a maintenance issue, the connectivity to the management server was disconnected for about a day. The logs started being indexed into Splunk again, but we have a gap in the data now. The old logs are on the management server but have a date-stamp added to the name now.
The question: Is there a way to direct the Checkpoint App to collect the older log files by specifying the log filenames as they are named on the Checkpoint management server?