Check Point offers a multilevel security architecture, “Infinity” Total Protection with Gen V advanced threat prevention, which protects information held on enterprises’ cloud, network and mobile devices.
It’s likely we will need to work on setting up a filter at the source, as the large majority look like logs rather than alerts.
We can make some suggestions as to how we think it needs to be done, but as we don’t have access to or experience of a Check Point firewall, it may need to be a collaborative process (or if you manage to review and decide which are of interest to you, we’d be interested to see).
There are two ways to configure Log Exporter: SmartConsole and CLI.
In order to configure Log Exporter using CLI commands, do the following on the log server:
cp_log_export add name <name> [domain-server <domain-server>] target-server <target-server IP/host name> target-port <target-port> protocol <(udp|tcp)> format <(syslog)|(cef)|(splunk)|(logrhythm)|(generic)> [optional arguments]
On MDS/MLM: the domain-server argument is mandatory.
This will create a new target directory with the unique name specified in the name parameter under $EXPORTERDIR/targets/<deployment_name>, and set the target configuration parameters with the connection details: IP Address, port, protocol, format and read-mode.
The above deployment exports logs in clear text. To export logs using encryption, see the "Advanced Deployment - Additional Commands" section.
The new log exporter does not start automatically.
To start it run: cp_log_export restart
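As an added example, not Check Point's own tooling, the POSIX shell helper below assembles the cp_log_export add command from the syntax above, rejects values outside the documented protocol and format sets, enforces the MDS/MLM domain-server rule, and appends the restart that a new exporter needs. It is a dry run that prints the commands rather than executing them; build_add_cmd, deploy_exporter and the ON_MDS variable are assumed names.

```shell
#!/bin/sh
# Added example, not Check Point's code: build a validated "cp_log_export add"
# line and print the two-step deployment (add, then restart). Dry run only.

# in_list VALUE "a|b|c": succeed when VALUE is one of the listed words.
in_list() {
    case "|$2|" in
        *"|$1|"*) return 0 ;;
        *) return 1 ;;
    esac
}

# build_add_cmd NAME TARGET PORT PROTOCOL FORMAT [DOMAIN_SERVER]
# Prints the command line, or prints a reason on stderr and fails.
# Set ON_MDS=1 on a Multi-Domain Server, where domain-server is mandatory.
build_add_cmd() {
    name=$1; target=$2; port=$3; proto=$4; fmt=$5; domain=${6:-}
    # name becomes a directory under $EXPORTERDIR/targets: keep it plain
    case "$name" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid name: '$name'" >&2; return 1 ;;
    esac
    in_list "$proto" "udp|tcp" || { echo "protocol must be udp or tcp" >&2; return 1; }
    in_list "$fmt" "syslog|cef|splunk|logrhythm|generic" \
        || { echo "unsupported format: $fmt" >&2; return 1; }
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
        || { echo "port out of range: $port" >&2; return 1; }
    if [ "${ON_MDS:-0}" = 1 ] && [ -z "$domain" ]; then
        echo "domain-server is mandatory on MDS/MLM" >&2; return 1
    fi
    cmd="cp_log_export add name $name"
    if [ -n "$domain" ]; then cmd="$cmd domain-server $domain"; fi
    cmd="$cmd target-server $target target-port $port protocol $proto format $fmt"
    printf '%s\n' "$cmd"
}

# deploy_exporter: same arguments; prints the add command followed by the
# restart, because a newly added exporter does not start on its own.
deploy_exporter() {
    add=$(build_add_cmd "$@") || return 1
    echo "note: this target exports in clear text; see Advanced Deployment for encryption" >&2
    printf '%s\n' "$add" "cp_log_export restart"
}

# Constructed sample call: collector at 192.0.2.10, TCP, CEF format.
deploy_exporter siem_cef 192.0.2.10 514 tcp cef
```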
To configure Log Exporter using SmartConsole, see the Logging and Monitoring Administration Guide.