Configuring the Identity Collector to Parse Syslog Messages

Identity Collector can now receive and process syslog messages that contain identity information. Identity Collector can use these syslog messages as an additional identity source for the Identity Awareness Gateway.

Workflow to configure the Identity Collector to parse Syslog messages:

  1. Create a new Syslog Parser.

    1. Open the Identity Collector application.

    2. From the top toolbar, click Syslog Parsers.

    3. Click New Parser.

    4. Enter the Syslog Parser information.

      Important - Only the value of the attribute must be inside parentheses.

    5. Click OK.

  2. Add a Syslog Server as an Identity Source.

    1. Open the Identity Collector application.

    2. From the left navigation toolbar, click Identity Sources.

    3. From the top toolbar, click New Source > Syslog.

    4. Enter the Syslog Server information.

      • Syslog Server Name - Enter the Syslog Server name to show in the Identity Collector.

      • (Optional) Enter your comment.

      • IP Address - Enter the IPv4 address of the Syslog Server.

      • Port - Enter the applicable port on the Syslog Server.

      • Site - Enter the Site name of the Syslog Server.

      • Parser - Select a current Syslog parser, or create a new one.

  3. In the Identity Collector, add a new Query Pool, or edit a current Query Pool.

    See Working with Query Pools in the Identity Collector.

  4. In the Identity Collector, add a new Filter for the login events, or edit a current Filter.

    See Working with Filters for Login Events in the Identity Collector.

  5. Connect the Identity Collector to the Check Point Identity Server (Identity Awareness Gateway).

    See Connecting the Identity Collector to the Identity Awareness Gateway.

Note - If you imported a previously exported configuration, the Identity Collector's GUI might not show the Syslog Parsers immediately. In this case, close and reopen the Identity Collector.
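An added example, not part of the original documentation or the Identity Collector itself: a way to test parser patterns offline against sample messages before entering them in step 1. It assumes the parser fields are regular expressions in which parentheses form a capture group; the attribute names, patterns and log lines are constructed for illustration.

```python
import ipaddress
import re

# Hypothetical per-attribute patterns (assumption: fields are regexes).
# The prefix stays outside the parentheses; only the value is inside.
PATTERNS = {
    "username": r"user=([^\s;]+)",
    "address": r"src=(\d{1,3}(?:\.\d{1,3}){3})",
}

# Constructed sample messages, not taken from a real syslog server.
SAMPLES = [
    "<134>Jan 12 10:15:01 vpn01 auth: login ok; user=jdoe; src=10.1.2.3",
    "<134>Jan 12 10:15:09 vpn01 auth: login ok; user=asmith; src=10.1.2.300",
    "<134>Jan 12 10:16:40 vpn01 auth: session closed; src=10.1.2.3",
]


def check_pattern(name, pattern):
    """Return a list of problems; empty if exactly one capture group exists."""
    problems = []
    compiled = re.compile(pattern)
    if compiled.groups != 1:
        problems.append(
            f"{name}: expected 1 capture group, found {compiled.groups}"
        )
    return problems


def extract(message, patterns=PATTERNS):
    """Return {attribute: value}, or None if an attribute is missing/invalid."""
    found = {}
    for name, pattern in patterns.items():
        match = re.search(pattern, message)
        if match is None:
            return None  # not a usable login event: skip, do not guess
        found[name] = match.group(1)
    if "address" in found:
        try:
            # The regex alone accepts octets such as 300; reject them here.
            ipaddress.IPv4Address(found["address"])
        except ValueError:
            return None
    return found


if __name__ == "__main__":
    for line in SAMPLES:
        print(extract(line), "<-", line)
```

A pattern such as `(user=[^\s;]+)` still has one capture group but returns `user=jdoe`, so compare the extracted values against the expected identities, not just the group count.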