Forward Check Point logs¶
Configure your Check Point appliance to forward syslog messages to LogSentinel SIEM via the syslog listener in the LogSentinel Collector. After turning on the syslog listener:
- Go to Check Point Log Export
- Scroll down to Basic Deployment and follow the instructions to set up the connection, using the following guidelines:
- Set the Syslog port to 2514 or the port you've configured in the collector.
- Replace the name and target-server IP address with the Syslog agent name and IP address.
- Set the format to CEF.
- If you are using version R77.30 or R80.10, scroll up to Installations and follow the instructions to install a Log Exporter for your version.
Make sure that all firewalls (including the firewall on the collector machine) allow connections to the collector port