Forward Check Point logs

Configure your Check Point appliance to forward syslog messages to LogSentinel SIEM via the syslog listener in the LogSentinel Collector. After turning on the syslog listener:

1. Go to Check Point Log Export
2. Scroll down to Basic Deployment and follow the instructions to set up the connection, using the following guidelines:
3. Set the Syslog port to 2514 or the port you've configured in the collector.
4. Replace the name and target-server IP address with the Syslog agent name and IP address.
5. Set the format to CEF.
6. If you are using version R77.30 or R80.10, scroll up to Installations and follow the instructions to install a Log Exporter for your version.

Note

Make sure that all firewalls (including the firewall on the collector machine) allow connections to the collector port