Log Exporter
Overview
Check Point Log Exporter is an easy and secure method to export Check Point logs over syslog in R80.20 and higher management. For information on deployment in R77.30 and R80.10 servers, see sk122323.
The Check Point App for Splunk uses the Log Exporter to seamlessly send logs from your Check Point Log Server (a dedicated Check Point server that runs Check Point software to store and process logs) or SmartEvent Server (a dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database) to your Splunk server. This enables you to collect and analyze millions of logs from all Check Point technologies and platforms. For more information, see the App for Splunk User Guide.
Log Exporter supports:
- SIEM applications: Splunk, ArcSight, RSA, LogRhythm, QRadar, McAfee, rsyslog, syslog-ng, and any other SIEM application that can run a syslog agent.
- Protocols: Syslog over TCP or UDP.
- Formats: Syslog, CEF, LEEF, Generic.
- Read-Mode: Raw, Semi-Unified.
- Security: Mutual authentication TLS.
- Types: Security logs, Audit logs.
- Export Links: You can export links to the relevant log card in SmartView and to the log attachment (such as a Forensics or Threat Emulation report). Threat Emulation (acronym: TE) is a Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious; a report is a summary of network activity and Security Policy enforcement that is generated by Check Point products, such as SmartEvent.
- Filtering:
  - Filter out (do not export) Security Gateway connection logs. A Security Gateway is a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.
  - Select what to export based on field values.
  - For more information, including basic and advanced instructions for filtering, see sk122323.