Overview

...

We are providing the steps to integrate your Checkpoint Firewall with the Seceon SIEM so that you have comprehensive visibility and proactive threat detection in your environment. Logs are transferred from the firewall to the APE (Analytics and Policy Engine) via the CCE (Collection and Control Engine). This document covers the CLI configuration for syslog forwarding from the firewall to the CCE; once it is in place, the log messages the firewall records locally (the ones visible in its /var/log/messages) are forwarded to the CCE.

Steps to Configure

...

On the firewall CLI, add a syslog host entry for the CCE server. In the resulting configuration tree it looks like the following, where 192.168.10.20 is the example address used in this document; substitute the IP address of your CCE server:

    host 192.168.10.20 {
        facility all {
            level info
        }
        facility kern {
            level debug
        }
        facility protocols {
            level debug
        }
    }

The facility all / level info selector forwards every message at severity info or more severe; the kern and protocols entries raise that to debug for kernel (firewall rule) and routing-protocol messages respectively. Commit and save the configuration after adding the entry.

Below is the preferred reference:

Sending firewall logs to remote Syslog | Ubiquiti Community

Verification of configuration

...

logs and flows collection status.

  1. Under Source, the IP address of the firewall you configured should be reflected.

...

  • Verification through the CCE server

Run the following on the CCE server to check whether syslog traffic from the firewall is arriving (port 514 is the syslog default; -A prints the payload so the <PRI> header and message text are visible):

sudo tcpdump -i any -nn -A port 514 and host <firewall IP address>

If packets appear, the firewall is reaching the CCE. If nothing appears, re-check the syslog host entry on the firewall and the network path between the two devices.
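The following is an added example, not code from the Seceon page or from Ubiquiti, that ties the syslog host configuration above to the tcpdump check: it decodes the <PRI> header of captured syslog lines (facility * 8 + severity, per RFC 3164/5424) and reports which lines the firewall's selectors (facility all at info, kern and protocols at debug) would actually forward to the CCE. The sample lines, hostnames and addresses are constructed for the example; the mapping of the "protocols" facility to local7 and the rule that a facility-specific selector overrides "facility all" are assumptions about Vyatta/EdgeOS semantics.

```python
import re

# Added example, not code from the Seceon page or from Ubiquiti.
# Syslog PRI = facility * 8 + severity (RFC 3164 / RFC 5424).
# Facility code table; naming local7 (23) "protocols" follows the
# Vyatta/EdgeOS convention used in the configuration above (assumption).
FACILITY_NAMES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "protocols",
}
# Severities in numeric order: 0 is the most severe, 7 the least.
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The selectors from the firewall configuration in this document.
SELECTORS = {"all": "info", "kern": "debug", "protocols": "debug"}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line):
    """Decode the leading <PRI> of a syslog line into (facility, severity) names."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no <PRI> header on line: %r" % line[:40])
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest legal value
        raise ValueError("PRI %d out of range" % pri)
    facility, severity = divmod(pri, 8)
    return FACILITY_NAMES.get(facility, "facility%d" % facility), SEVERITY_NAMES[severity]


def forwarded(facility, severity, selectors=SELECTORS):
    """True if the firewall's selectors would send this message to the CCE.

    Assumed Vyatta/EdgeOS semantics: a facility-specific selector overrides
    'facility all', and 'level X' forwards X and everything more severe
    than X (so 'level info' drops only debug).
    """
    threshold = selectors.get(facility, selectors.get("all"))
    if threshold is None:
        return False
    return SEVERITY_NAMES.index(severity) <= SEVERITY_NAMES.index(threshold)


def audit(lines, selectors=SELECTORS):
    """Classify captured lines as (facility.severity, forwarded?, line)."""
    results = []
    for line in lines:
        facility, severity = parse_pri(line)
        results.append(("%s.%s" % (facility, severity),
                        forwarded(facility, severity, selectors), line))
    return results


# Constructed sample lines in the shape tcpdump -A shows for UDP syslog;
# hostnames, PIDs and addresses are made up for this example.
SAMPLE_LINES = [
    "<4>Jan 10 12:00:01 edgerouter kernel: [WAN_IN-default-D]IN=eth0 OUT= "
    "SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44321 DPT=22",
    "<7>Jan 10 12:00:02 edgerouter kernel: nf_conntrack: table full, dropping packet",
    "<190>Jan 10 12:00:03 edgerouter bgpd[1234]: neighbor 192.0.2.1 Up",
    "<15>Jan 10 12:00:04 edgerouter ubnt-util: debug: polling interfaces",
    "<85>Jan 10 12:00:05 edgerouter sshd[2222]: Accepted publickey for ubnt from 192.0.2.50",
]

if __name__ == "__main__":
    for name, sent, line in audit(SAMPLE_LINES):
        print("%-16s %-9s %s" % (name, "forwarded" if sent else "dropped", line[:60]))
```

Feed it the payload lines from the tcpdump capture (or a file they were saved to) and compare against what the Seceon UI shows under Source: a kernel firewall-rule message at warning, a kernel debug message and a routing-daemon message all pass, a user-facility debug message does not, which is what the all/info plus kern/protocols-at-debug selectors are meant to do. If the CCE receives lines the audit says should have been dropped, or misses ones it says should pass, the selectors on the firewall differ from the configuration shown in this document.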

...