Identity Collector Forwarding Identities to an Event Log Collector

How to configure Log Collector in Identity Collector

  1. Configure Event Log forwarding on Windows Server 2008 and higher, which requires a Source and Target (Collector) server. For information on log forwarding and how to enable it, see Configure Event Log Forwarding in Windows Server 2012 R2.

  2. Before you do the next step, make sure that the events are successfully populating within the Event Viewer of the Collector server, specifically in Windows Logs > Forwarded Events.

  3. Go to the Identity Collector > Identity Sources, select New Source > Active Directory > Add Manually.

     Identity Collector is a Check Point dedicated client agent installed on Windows Servers in your network. It collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312.

  4. Enter the domain and IP address and select the option Is Forwarded Event Log Collector.

  5. When the Identity Source is successfully connected, add it to the related Query Pool. You should now see the number of events incrementing.
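
The check in step 2 can also be run from PowerShell on the Collector server. The script below is an added example, not part of the Check Point documentation: it lists the Windows Event Collector subscriptions with their runtime status and counts recent entries in the Forwarded Events log per source computer and event ID. The 15-minute look-back window is an assumption.

```powershell
# Run in an elevated PowerShell session on the Collector (target) server.
# Assumption: a 15-minute look-back window; adjust to your environment.
$since = (Get-Date).AddMinutes(-15)

# 1. List the event subscriptions and show the runtime status of each one.
$subscriptions = @(wecutil es)
if ($subscriptions.Count -eq 0) {
    Write-Warning 'No event subscriptions are defined on this server.'
}
foreach ($sub in $subscriptions) {
    Write-Host "Subscription: $sub"
    wecutil gr $sub
}

# 2. Read recent events from Windows Logs > Forwarded Events.
try {
    $events = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'ForwardedEvents'
        StartTime = $since
    } -ErrorAction Stop)
} catch {
    # Get-WinEvent raises an error when no events match the filter.
    $events = @()
    Write-Warning "No forwarded events since $($since): $($_.Exception.Message)"
}

# 3. Count the events per source computer and event ID.
$events |
    Group-Object MachineName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 4. Report the newest event, to confirm that forwarding is current.
if ($events.Count -gt 0) {
    $newest = $events | Sort-Object TimeCreated -Descending | Select-Object -First 1
    '{0} events; newest at {1} from {2}' -f $events.Count, $newest.TimeCreated, $newest.MachineName
}
```

If the table is empty or a source computer is missing from it, resolve the forwarding problem before you add the Identity Source in step 3.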