Syslog configuration on CheckPoint

This article explains how to configure CheckPoint to send logs to SGBox using the syslog protocol.

Requirements

  • CheckPoint R80 required as described here

Log in to CheckPoint management using a terminal program (e.g. PuTTY) and run the following commands:

[Expert@Mgmt:0]# cp_log_export add name [domain-server ] target-server target-port protocol <(udp|tcp)> format <(syslog)|(cef)|(splunk)(generic)> [optional arguments]

[Expert@Mgmt:0]# cp_log_export add name SGBox target-server 192.168.1.10 target-port 514 protocol udp format cef

[Expert@Mgmt:0]# cp_log_export show
name: SGBox
enabled: true
target-server: 192.168.1.10
target-port: 514
protocol: udp
format: cef
read-mode: semi-unified
export-attachment-ids: false
export-link: false
export-attachment-link: false
time-in-milli: false
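
To confirm on the receiving side that events sent with format cef arrive well formed, the following added example (not part of the original article and not SGBox or CheckPoint code) parses one CEF event out of a syslog datagram. The sample line and its field values are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample (not captured output): a syslog prefix followed by a CEF event.
SAMPLE = ('<134>Jan 10 12:00:00 Mgmt CEF:0|Check Point|SampleProduct|R80|Log|'
          'Accept \\| test|Unknown|act=Accept src=10.0.0.5 dst=192.168.1.10 '
          'msg=rule name\\=allow web cs1Label=Rule Name')

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "class_id", "name", "severity")


def unescape(value, char):
    """Undo CEF backslash escaping for `char` and for the backslash itself."""
    return re.sub(r"\\([%s\\])" % re.escape(char), r"\1", value)


def parse_cef(line):
    """Return the 7 CEF header fields plus an 'extension' dict of key=value pairs."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    # Split only on pipes not preceded by a backslash; the 8th part is the extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    event = {k: unescape(v, "|") for k, v in zip(HEADER_FIELDS, parts)}

    # A key is a word at the start or after whitespace, directly followed by '='.
    # An escaped '\=' inside a value never matches, so values may contain spaces and '='.
    raw = parts[7]
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", raw))
    extension = {}
    for match, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(raw)
        extension[match.group(1)] = unescape(raw[match.end():end].strip(), "=")
    event["extension"] = extension
    return event


if __name__ == "__main__":
    parsed = parse_cef(SAMPLE)
    print(parsed["vendor"], parsed["name"], parsed["extension"])
```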