×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
vedaserverandst
New Member
Member since: ‎02-20-2013
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-20-2013
Activity Feed
View All

Re: How to configure the Splunk Add-on for Check P...

by in All Apps and Add-ons
‎11-15-2015 06:34 PM
‎11-15-2015 06:34 PM
thank you for your suggestion. Based on this, I edited the file to have both normal and audit logs but still can't see all the traffic from Checkpoint logs. Please suggest if I am following this correctly. thank you. Below is the 'fw1-loggrabber.conf' file. DEBUG_LEVEL="0" FW1_LOGFILE="fw.log" FW1_OUTPUT="logs" FW1_TYPE="ng" FW1_MODE="normal" FW1_MODE="audit" ONLINE_MODE="no" RESOLVE_MODE="no" RECORD_SEPARATOR="|" DATEFORMAT="cp" LOGGING_CONFIGURATION=screen OUTPUT_FILE_PREFIX="fw1-loggrabber" OUTPUT_FILE_ROTATESIZE=1048576 AUDIT_FILTER_RULE="action=accept|drop" ... View more

Re: How to configure the Splunk Add-on for Check P...

by in All Apps and Add-ons
‎11-12-2015 09:54 PM
‎11-12-2015 09:54 PM
Below is fw1-loggrabber.conf on the environment. DEBUG_LEVEL= DEBUG_LEVEL="0" FW1 configuration settings FW1_LOGFILE= FW1_LOGFILE="fw.log" FW1_OUTPUT= FW1_OUTPUT="logs" FW1_TYPE= FW1_TYPE="ng" FW1_MODE= FW1_MODE="normal" Ref: Change CHG48985 - Ingest Checkpoint Audit logs in Splunk FW1_MODE="audit" ONLINE_MODE= ONLINE_MODE="no" RESOLVE_MODE= RESOLVE_MODE="no" RECORD_SEPARATOR= RECORD_SEPARATOR="|" DATEFORMAT= cp = " 3Feb2004 14:15:16" unix = "1051655431" std = "2004-02-03 14:15:16" DATEFORMAT="cp" LOGGING_CONFIGURATION= syslog mode is only Unix like Operating Systems, such as Linux, Solaris LOGGING_CONFIGURATION=screen OUTPUT_FILE_PREFIX= OUTPUT_FILE_PREFIX="fw1-loggrabber" OUTPUT_FILE_ROTATESIZE= OUTPUT_FILE_ROTATESIZE=1048576 ODBC_DSN= ODBC_DSN=FW1-LOGGRABBER FW1_FILTER_RULE= FW1_FILTER_RULE="action=drop" AUDIT_FILTER_RULE= AUDIT_FILTER_RULE="action=accept" FIELDS= FIELDS=loc;src;dst ... View more

How to configure the Splunk Add-on for Check Point...

by in All Apps and Add-ons
‎11-12-2015 09:53 PM
‎11-12-2015 09:53 PM
I have configured the Splunk Add-on for Check Point OPSEC LEA to ingest Check Point logs and it's ingesting only some of the logs, but not everything. Please let me know how to ingest all the Check Point logs (fw.log) into Splunk. Thank you. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM