AD Parsing

We are trying to parse Checkpoint logs, but there are multiple log formats. Depending on the blades we are running on Checkpoint, the key values change. If anyone has a conf file for Checkpoint, please share.

You'll probably get better help if you provide more details. Chances are there won't be any folks with detailed knowledge of Checkpoint logs.

Hi Magnus,

We have managed to write grok for different types of logs from CheckPoint Firewall. Thank you for your input.

Hi rajath, do you have a GitHub with the log parsing? I'm very interested in it.

Here is my GitHub with my configs. There are configs for network elements (Bluecoat, Juniper SRX, Juniper NetScreen, Squid, and Palo Alto).

Thanks in advance!
Regards

Hi rajath,

Finally we used grok + KV to parse fields.

If you are interested, you can check it in my GitHub.

Regards!
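The grok + KV approach mentioned above, shown as an added example that is not from this thread or from anyone's GitHub configs: a grok-style regex pulls the fixed syslog header (timestamp, host, program) off the front of the line, and a key=value pass handles the remainder, so the set of keys can differ per blade without the parser needing a separate pattern for each. The sample lines, host name, program name and field names are all constructed for illustration and are not real Checkpoint output.

```python
import re

# Constructed Checkpoint-style syslog lines with a key=value payload.
# Different "blades" emit different key sets; the parser must not assume a fixed list.
SAMPLE_LINES = [
    'Jan 12 10:15:01 fw01 CP-GW: action="accept" src="10.0.0.5" dst="192.0.2.10" '
    'proto="6" service="443" product="VPN-1 & FireWall-1"',
    'Jan 12 10:15:02 fw01 CP-GW: action="drop" src="10.0.0.9" dst="198.51.100.4" '
    'proto="17" service="53" product="VPN-1 & FireWall-1" rule="7"',
    'Jan 12 10:15:03 fw01 CP-GW: action="detect" src="10.0.0.7" dst="203.0.113.8" '
    'product="SmartDefense" attack="Port Scan"',
    'malformed line without a header',
]

# Grok-like header pattern: syslog timestamp, host, program, then the KV payload.
HEADER_RE = re.compile(
    r'^(?P<timestamp>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+'
    r'(?P<host>\S+)\s+(?P<program>[^:]+):\s+(?P<kv>.*)$'
)

# key=value pairs; values may be double-quoted (and then may contain spaces or '&').
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_kv(payload):
    """Split a key=value payload into a dict, accepting whatever keys are present."""
    fields = {}
    for m in KV_RE.finditer(payload):
        key = m.group(1)
        value = m.group(3) if m.group(3) is not None else m.group(4)
        fields[key] = value
    return fields


def parse_line(line):
    """Grok the header, then KV-split the rest; tag lines the header pattern rejects."""
    m = HEADER_RE.match(line)
    if m is None:
        # Same convention Logstash's grok filter uses for a non-matching line.
        return {"tags": ["_grokparsefailure"], "message": line}
    event = {k: m.group(k) for k in ("timestamp", "host", "program")}
    event.update(parse_kv(m.group("kv")))
    return event


def parse_lines(lines):
    return [parse_line(line) for line in lines]


if __name__ == "__main__":
    for event in parse_lines(SAMPLE_LINES):
        print(event)
```

The split of responsibilities is the point: the header regex is strict and fails loudly (the `_grokparsefailure` tag is what you would alert on or route to a dead-letter index), while the KV stage is permissive so a new blade adding a `rule` or `attack` field does not break ingestion. In Logstash this maps to a `grok` filter capturing the header into fields and the remainder into one field, followed by a `kv` filter run over that field.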

Hi Santiago,

Do you have AD parser by any chance? We cannot use wineventlog beat due to internal policies.

Hi Rajath!

Sorry, but I only have parsers for network devices.

Regards

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.