
Checkpoint Harmony Integration

Overview

Check Point Log Exporter is an easy and secure method to export Check Point logs over syslog. Log Exporter is a multi-threaded daemon service which runs on a log server. Each log that is written on the log server is read by the Log Exporter daemon. It is then transformed into the applicable format and mapping and sent to the end target.

 

This document describes how to integrate Check Point Harmony with Seceon.

 

Configuration steps in the Seceon CCE Server 

 

  • Log in to the CCE as the "seceon" user and run otmdoc -m or docker ps to check the container status.

  • Run otmdoc -s cce-log-processor next. This opens a shell prompt inside the cce-log-processor container.

  • Run cd /docker/config to go to the configuration folder.

  • Run ls and confirm that the file logstash_base_var.yml is present.

  • Edit the file with vi logstash_base_var.yml.

  • Change the line TCP over TLS = false to TCP over TLS = true.

  • Save the file and exit vi.

  • Run exit to leave the container that you entered in step 2 above.

  • Restart the container with otmdoc -r cce-log-processor.

  • Enter the cce-log-processor container again as in step 2 above.

  • Go into seceon-cce with the command cd seceon-cce.

  • Go into the logstash/config directory with the command cd /docker/config.

  • Run ls; you should see the certificate file logserver.crt.

  • You will also see the key file logserver.key.

 

NOTE: You can use the self-signed certificate that we provide or one of your own. If you want to provide your own certificate, back up the self-signed certificate files, copy your own files in their place, and then restart the container.

 

If you are using a third-party CA certificate, upload it to the /docker/config directory on the Seceon CCE Server and rename the CRT and KEY files to their default names, logserver.crt and logserver.key respectively.

 

  • Copy these two files and use them to configure the devices that send logs using TCP over TLS.

  • Once you have fetched these two files, apply them on Harmony when it asks for a certificate.
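A replacement certificate whose key does not match, or that is about to expire, will break the TLS listener after the container restart. The following pre-flight check is an added example, not Seceon tooling or part of the original article; it assumes openssl is installed where the files are staged, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Seceon tooling): pre-flight check for a replacement
# logserver.crt / logserver.key pair. Function names are hypothetical.

# Print the SHA-256 of the public key held in a certificate or private key.
pubkey_hash() {   # $1 = cert|key, $2 = PEM file
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        # -passin pass: makes an encrypted key fail instead of prompting
        key)  pem=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 = usable, 1 = key/cert mismatch, 2 = unreadable file, 3 = expiring.
check_pair() {    # $1 = cert, $2 = key, $3 = minimum days left (default 30)
    crt=$1; key=$2; days=${3:-30}
    c=$(pubkey_hash cert "$crt") || { echo "cannot parse certificate: $crt" >&2; return 2; }
    k=$(pubkey_hash key "$key")  || { echo "cannot parse private key: $key" >&2; return 2; }
    if [ "$c" != "$k" ]; then
        echo "MISMATCH: $key does not belong to $crt" >&2
        return 1
    fi
    if ! openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "certificate expires within $days days" >&2
        return 3
    fi
    # Show what the senders will be asked to trust.
    openssl x509 -in "$crt" -noout -subject -enddate -fingerprint -sha256
}

# Usage: sh check_pair.sh logserver.crt logserver.key [min_days]
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

Run it against the files before copying them into /docker/config; a non-zero exit status means the pair should not be deployed.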

 

Configuration steps in the Checkpoint Harmony

Reference link: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/Topics-HEP/Exporting-Logs.htm

 

For more information, see sk122323.

 

Verification 

Verification from the Seceon GUI Console

 

Open the Seceon GUI Console as a user with appropriate administrative rights.

 

Navigate to System Monitoring and drop down to System >> Logs/flows Collection Status.

 

The IP address or CheckPoint will appear in about 5-10 minutes.

 

 

 

 

 

Verification from the Seceon CCE Server

 

Run the following command on the CCE server to check whether logs are arriving. The filter does not use an IP address: the connection is set up with the certificate and key, so the sender's IP will not be stable.

sudo tcpdump -i any port 514 and tcp

Seceon Inc. All rights reserved. https://www.seceon.com