Syslog configuration on CheckPoint

Search another article?

Syslog configuration on CheckPoint

You are here:
< Back

Syslog configuration on CheckPoint

This article explain how to configure CheckPoint to send log to SGBox using syslog protocol.
Log in to CheckPoint management using a terminal link program (eg. Putty) and run the following command:


  • CheckPoint R80 required as described here

[Expert@Mgmt:0]#cp_log_export add name [domain-server ] target-server target-port protocol <(udp|tcp)> format <(syslog)|(cef)|(splunk)(generic)> [optional arguments]

[Expert@Mgmt:0]# cp_log_export add name SGBox target-server target-port 514 protocol udp format cef

[Expert@Mgmt:0]# cp_log_export show
name: SGBox
enabled: true
target-port: 514
protocol: udp
format: cef
read-mode: semi-unified
export-attachment-ids: false
export-link: false
export-attachment-link: false
time-in-milli: false

[Expert@Mgmt:0]# cp_log_export status

Alternatively you can configure it using the User Interface: Right click on MGMT object > Export

Enter the SGBox IP, port and protocol

Select CEF as format

Click OK to finish the wizard.