CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E

 

Results 1 to 3 of 3

Thread: exporting a selection of firewall logs to SIEM

  1. 2017-01-11 #1
    PeterSmith78
    PeterSmith78 is offline Member
    Join Date
    2014-11-23
    Posts
    50
    Rep Power
    9

    Default exporting a selection of firewall logs to SIEM

    Hi

    I am running Checkpoint R77.20 (a cluster of 4 firewalls running on Secure Platform and a separate firewall management server running on Windows server 2008R2)
    I have been asked to forward some of the firewall traffic logs to an SIEM Event Collector (which is not controlled by me). However I can't send ALL of the firewall logs as some traffic is confidential. I'm therefore looking for a way of sending a selection of firewall traffic logs to the SIEM server. (Also I want to retain the logs on my management server so that I'm still able to view them myself).

    As I understand it the options are:
    a) Set up an LEA server on the firewall management server and allow the LEA client on the SIEM server to connect to the firewall management server to get the firewall traffic logs.
    b) forward the traffic logs from the firewall management server to a syslog server using OPSEC.
    c) send the firewall logs directly from the firewalls (not from the management server) by setting up user defined logging rules and then configuring a script to send the logs to the syslog server.

    I was wondering if anyone could advise me of the best solution? Many thanks
    Reply With Quote Reply With Quote
  2. 2017-01-11 #2
    Irek_Romaniuk
    Irek_Romaniuk is offline Senior Member
    Join Date
    2014-10-10
    Posts
    250
    Rep Power
    9

    Default Re: exporting a selection of firewall logs to SIEM

    This is worth reading https://blog.rootshell.be/2014/08/28...k-integration/
    Reply With Quote Reply With Quote
  3. 2017-01-16 #3
    PeterSmith78
    PeterSmith78 is offline Member
    Join Date
    2014-11-23
    Posts
    50
    Rep Power
    9

    Default Re: exporting a selection of firewall logs to SIEM

    Many thanks Irek, that was a good link!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. IPS/SIEM Deployment
    By amani in forum Off-Topic
    Replies: 1
    Last Post: 2011-08-26, 16:26
  2. Checkpoint firewall platform selection assistance
    By cciesec2006 in forum Check Point SecurePlatform (SPLAT)
    Replies: 16
    Last Post: 2009-11-09, 13:45
  3. problem with exporting logs from smart tracker
    By ds5879 in forum SmartView Tracker
    Replies: 0
    Last Post: 2008-05-08, 12:38
  4. Exporting fw1 logs to an SQL server?
    By GordonCopestake in forum SmartView Tracker
    Replies: 1
    Last Post: 2007-06-20, 20:42
  5. Exporting Logs to Linux syslogd
    By razorack in forum SmartView Tracker
    Replies: 1
    Last Post: 2006-09-20, 19:07

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules