Overview
Check Point Log Exporter is an easy and secure method to export Check Point logs over syslog. Log Exporter is a multi-threaded daemon service that runs on a log server. Each log that is written on the log server is read by the Log Exporter daemon. It is then transformed into the applicable format and mapping and sent to the end target.
Steps of configuration
To export logs from Harmony Endpoint:
Log in to the console using admin rights.
1-Go to Endpoint Settings > Export Events.
...
Name - Enter a name for the exported information.
IP Address - Enter the IP Address of the CCE.
Protocol - UDP.
Format - Select the CEF format.
Port - 514.
4-Click Add.
Note:
Now log in to the CCE, capture a PCAP with the command below, and share it with us:
sudo tcpdump -i any port 514 and host <device_ip> -vw checkpoint.pcap
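An added example, not part of the original guide: a Python check that can be run over syslog payloads pulled from the capture to confirm that each one comes from the expected device IP and carries a well-formed CEF header. The IP addresses, vendor/product strings, sample payloads and function names are constructed for illustration.

```python
import re
# CEF layout: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER_FIELDS = "version vendor product device_version signature_id name severity".split()
# Extension keys are tokens followed by '='; a value runs until the next key.
EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")

def split_header(body):
    """Split on unescaped '|' into the 7 header fields plus the extension string."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            i += 1                      # skip the backslash, keep the escaped char
            cur.append(body[i])
        elif body[i] == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < 7:                 # e.g. a datagram cut off mid-header
        raise ValueError("truncated CEF header")
    return fields, body[i:]

def parse_extension(ext):
    """Turn 'k1=v1 k2=value with spaces' into a dict."""
    hits = list(EXT_KEY.finditer(ext))
    ends = [h.start() for h in hits[1:]] + [len(ext)]
    return {h.group(1): ext[h.end():end].strip() for h, end in zip(hits, ends)}

def check_datagram(sender_ip, payload, expected_ip):
    """Return (ok, event_or_reason) for one syslog payload from the capture."""
    if sender_ip != expected_ip:
        return False, "unexpected sender " + sender_ip
    pos = payload.find("CEF:")
    if pos < 0:
        return False, "no CEF marker, check the Format setting"
    try:
        fields, ext = split_header(payload[pos + 4:])
    except ValueError as exc:
        return False, str(exc)
    return True, dict(zip(HEADER_FIELDS, fields), ext=parse_extension(ext))

EXPECTED_IP = "192.0.2.10"  # constructed; stands in for <device_ip>
SAMPLES = [  # constructed (sender_ip, payload) pairs with made-up vendor/product values
    ("192.0.2.10", "<134>host CEF:0|ExampleVendor|ExampleProduct|1.0|100|Threat \\| blocked|5|src=198.51.100.7 msg=File quarantined act=Block"),
    ("192.0.2.10", "<134>host time=1700000000 action=Block"),
    ("192.0.2.10", "<134>host CEF:0|ExampleVendor|ExampleProduct|1.0|100|Trunc"),
    ("203.0.113.9", "<134>host CEF:0|ExampleVendor|ExampleProduct|1.0|100|Login|3|suser=alice"),
]
```

Calling check_datagram(ip, payload, EXPECTED_IP) on each pair separates the three failure cases seen in practice: a non-CEF format, a truncated header, and traffic from an unexpected sender.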
Verification Using the UI
STEP 1: Log in to UI >> SYSTEM
...
STEP 2: >> Logs and flows collection status
...
STEP 3: >> To verify the source device IP from the UI:
Log in to the user interface
Navigate to the "SYSTEM" section
Look for the "SOURCE DEVICE IP"
Check the IP address that is displayed
Compare the IP address displayed against the expected source device IP
This lets you confirm that the system is properly identifying the source device IP and that it matches the expected IP address.
...