How to collect Checkpoint Firewall log






nmm -> How to collect Checkpoint Firewall log (8.Apr.2008 10:24:40 PM)

Who has experience collecting logs from a Checkpoint Firewall? We are trying to collect logs from Checkpoint by following the GFI installation step by step (syslog) and configuring firewall port 514, so everything is correct, but the GFI Server cannot get any logs from Checkpoint. The Checkpoint engineer told us that GFI should have an OPSEC™ Certificate from Checkpoint, so after that we need to configure the Checkpoint Firewall to support log import from most versions and the log extraction API (LEA), and establish connections and retrieve logs from the Checkpoint Firewall.

How could we get the Checkpoint Firewall OPSEC™ for GFI EventsManager (Checkpoint Firewall is one in the GFI EventsManager Application & Device support list)? In case you have it, please provide the configuration steps.




Sven Berger -> RE: How to collect Checkpoint Firewall log (10.Apr.2008 6:30:13 AM)

Hi nmm,

I am slightly confused. Does the Checkpoint device have logs stored locally that EventsManager would need to collect from the machine, or does the Checkpoint device send out syslog messages that EVM would simply need to capture?

If the latter is the case, then I don't see why EVM would have to be OPSEC compliant, as syslog follows an already existing standard. Or are the Checkpoint syslogs proprietary?




jwalzer -> RE: How to collect Checkpoint Firewall log (15.Apr.2008 8:48:41 AM)

Checkpoint logs are proprietary




Sven Berger -> RE: How to collect Checkpoint Firewall log (15.Apr.2008 9:45:37 AM)

Thanks for clearing this up, jwalzer.

I have made a feature request to get this functionality into a future version of EVM (9?). Checkpoint is certainly popular enough to have a serious look at the possibility of collecting these logs.




nmm -> RE: How to collect Checkpoint Firewall log (18.Apr.2008 12:30:53 AM)

For the moment, how can I work around this to get logs from Checkpoint? Do you have any suggestions?



