Log Exporter
Overview
Check Point Log Exporter is an easy and secure method to export Check Point logs over the syslog protocol from a Management Server (a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server) / Log Server (a dedicated Check Point server that runs Check Point software to store and process logs). You can configure the Log Exporter settings in SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on) or with CLI commands.
You can configure advanced settings in various configuration files.
Log Exporter supports:
Multiple SIEM applications that can run a Syslog agent.
Syslog over TCP or UDP.
Multiple formats (Syslog, CEF, LEEF, JSON, and so on).
Mutual authentication based on TLS 1.2.
Export of Security logs, Audit logs, or both.
Export of links to the relevant log card in SmartView and the log attachment (such as a Forensics / Threat Emulation report). Threat Emulation (TE) is a Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious; a report is a summary of network activity and Security Policy enforcement that is generated by Check Point products, such as SmartEvent.
Filtering of logs.
Log Exporter is constantly updated. For the most up-to-date information about the supported versions and applications, see:
Note - The Check Point App for Splunk uses the Log Exporter to seamlessly send logs from your Check Point Log Server to your Splunk server. This enables you to collect and analyze millions of logs from all Check Point technologies and platforms. For more information, see the App for Splunk User Guide.