Many third-party devices write their logs in the syslog format. To process third-party syslog messages, the Log Server reformats the raw data to the Check Point log format. SmartEvent can then take the reformatted logs and convert them into security events.
You can use the Log Parsing Editor to make a parsing file. As an alternative, you can create a parsing file manually. This section shows you how to do that.
Warning - Manual modifications to out-of-the-box parsing files cannot be preserved automatically during an upgrade. Mark your modifications with comments so you can remember what changed.