Overview-

We are providing you the steps to integrate your Checkpoint Firewall with Seceon SIEM so that you can have a Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ) . In this document we are guiding you the steps for Netflows forwarding.

Steps to Configure -

...

Overview

We will do the configuration on CLI for the Syslog forwarding to the CCE. We can see the logs in /var/log/messages just fine.

Steps to Configure

We would configure /etc/rsyslog.d/vyatta-log.conf as *.* @remotesysloghost and all work just fine.
host IP Address of CCE Server {

     facility all {

         level info

     }

     facility kern {

         level notice debug

     }

     facility protocols {

     }    level debug

  }   }

} 

Below is the prefered link -

Sending firewall logs to remote syslog Syslog | Ubiquiti Community

Verification of configuration

Verification can be done in 2 ways  either on CCE or on UI 

• VERIFICATION THROUGH UI

1. Open UI >>Systems

...

1. Dropdown systems and go inside -

logs and flows collection status.

1. Under -

The source device IP address section of the device configured will reflect.

...

• Verification Through the CCE server

“sudo tcpdump -i any host 514 and host <IP address> -AAA”

The above command should be run on the CCE server to check whether or not we are getting logs.