Syslog configuration on CheckPoint
This article explains how to configure CheckPoint to send logs to SGBox using the syslog protocol.
Requirements
- CheckPoint R80 required as described here
Log in to CheckPoint management using a terminal program (e.g. PuTTY) and run the following commands:
[Expert@Mgmt:0]# cp_log_export add name <name> [domain-server <domain-server>] target-server <target-server> target-port <target-port> protocol <(udp|tcp)> format <(syslog)|(cef)|(splunk)|(generic)> [optional arguments]
[Expert@Mgmt:0]# cp_log_export add name SGBox target-server 192.168.1.10 target-port 514 protocol udp format cef
[Expert@Mgmt:0]# cp_log_export show
name: SGBox
enabled: true
target-server: 192.168.1.10
target-port: 514
protocol: udp
format: cef
read-mode: semi-unified
export-attachment-ids: false
export-link: false
export-attachment-link: false
time-in-milli: false
[Expert@Mgmt:0]# cp_log_export status
Alternatively, you can configure it using the User Interface:
Right-click the MGMT object > Export
Enter the SGBox IP, port and protocol
Select CEF as format
Click OK to finish the wizard.
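To check on the receiving side that the exporter configured above delivers well-formed CEF, the incoming syslog lines can be parsed and validated. The following is an added example, not part of the original article and not SGBox or Check Point code; the sample line and all of its field values are constructed, and the function names are hypothetical.

```python
import re

HEADER_FIELDS = ("version vendor product device_version "
                 "event_class_id name severity").split()
# An extension key is a token followed by "=" ("\=" inside a value does not match).
KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")

# Constructed sample line, not captured from a real exporter.
SAMPLE = (r"<134>Jan 10 12:00:00 Mgmt CEF:0|Check Point|Example Product|R80|Log|"
          r"Accept \| allowed|5|act=Accept src=10.0.0.5 dst=192.168.1.10 "
          r"msg=rule\=7 matched here")


def split_header(body, count=7):
    """Split on unescaped '|' into `count` header fields plus the extension."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < count:
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if body[i] == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(body[i])
        i += 1
    return parts, body[i:]


def parse_extension(ext):
    """Turn 'k=v k2=v with spaces' into a dict, honouring \\= and \\n escapes."""
    fields, keys = {}, list(KEY.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        fields[m.group(1)] = re.sub(
            r"\\(.)", lambda e: "\n" if e.group(1) == "n" else e.group(1), raw)
    return fields


def parse_cef(line):
    """Parse one syslog line carrying CEF; raise ValueError if it is malformed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header in line")
    parts, ext = split_header(line[start + 4:])
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER_FIELDS, parts))
    event.update(syslog_prefix=line[:start].strip(), extension=parse_extension(ext))
    return event
```

A `ValueError` on lines arriving from the exporter usually points to a format other than `cef` being selected or to truncated datagrams.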