View Source

Overview

Check Point Log Exporter is an easy and secure method to export Check Point logs over syslog. Log Exporter is a multi-threaded daemon service that runs on a log server. Each log that is written on the log server is read by the Log Exporter daemon. It is then transformed into the applicable format and mapping and sent to the end target.

Steps of configuration

To export logs from Harmony Endpoint:

Log in to the console using admin rights

1-Go to Endpoint Settings > Export Events.

2-Click Add.

3-The New Logging Service window opens.

4-Fill in the export details:

Name - Enter a name for the exported information.
IP Address - Enter the IP Address of the CCE
Protocol - UDP.
Format - Select the CEF format
Port - 514

4-Click Add.

Verification with Using UI

STEP 1:Log in to UI >> SYSTEM

Seceon Public Portal > Checkpoint Harmony Exporting Logs > image2023-1-28_17-56-38.png?version=1&modificationDate=1674946599179&cacheVersion=1&api=v2&width=247&height=337

STEP 2: >> Logs and flows collection status

Seceon Public Portal > Checkpoint Harmony Exporting Logs > image2023-1-28_17-58-51.png?version=1&modificationDate=1674946732367&cacheVersion=1&api=v2&width=255&height=183

STEP 3: >>To verify the source device IP from the UI:

Log in to the user interface
Navigate to the "SYSTEM" section
Look for the "SOURCE DEVICE IP"
Check the IP address that is displayed
Compare the IP address displayed against the expected source device IP

This will allow you to ensure that the system is properly identifying the source device IP and that it matches the expected IP address..

Seceon Public Portal > Checkpoint Harmony Exporting Logs > image2023-1-28_17-59-30.png?version=1&modificationDate=1674946771175&cacheVersion=1&api=v2&width=1000&height=179