Hello, I use cp_log_export on my checkpoint management server to send logs (CEF format) to my syslog-ng server and on the same server, my splunk forwarder send log to my splunk server. I got too many logs from checkpoint and I would like to know if I can did some filters on splunk forwarder or syslog-ng server before ? for the moment in my syslog-ng I filter uniquely with tho IP source of my checkpoint management server and in my splunk forwarder with the sourcetype (checkpoint:cef). After regarding the logs on splunk, I would like to get only the logs from the cef_product MTA, can I filter that on splunk forwarder or syslog-ng ? I prefer filtered syslog-ng to reduce the amount of logs in my syslog server. Regards,
... View more