AD Parsing

(Rajath jain) #1

We are trying to parse Checkpoint logs, but there are multiple types of log formats. Depending on the blades we are running on Checkpoint, the key values change. If anyone has a conf file for Checkpoint, please share.

(Magnus Bäck) #2

You'll probably get better help if you provide more details. Chances are there won't be any folks with detailed knowledge of Checkpoint logs.

(Rajath jain) #3

Hi Magnus,

We have managed to write grok for different types of logs from CheckPoint Firewall. Thank you for your input.

(Santiago Martinez) #4

Hi Rajath, do you have a GitHub with the log parsing? I'm very interested in it.

Here is my github with my configs. There are configs for network elements (bluecoat, juniper srx, juniper netscreen, squid, and palo alto).

Thanks in advance!

(Santiago Martinez) #5

Hi rajath,

Finally we used grok + KV to parse fields.

If you are interested, you can check it on my GitHub.

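An added example, not from this thread and not code from Santiago's repository, showing the grok + KV two-stage approach in Python rather than as a Logstash pipeline: a regex over the syslog envelope (the grok step) followed by key/value extraction of the message body (the kv step). The sample lines, the two body shapes handled (`key="value"` pairs and `key: value;` pairs), the product names and the per-blade expected-key table are all constructed for illustration; real Check Point exports vary by blade, version and export format, so treat the patterns as an assumption to be checked against your own logs.

```python
"""Two-stage parse of Check Point style syslog lines: a grok-like header
regex, then key/value extraction of the body. Added example; the line
shapes and field names below are constructed, not taken from the thread."""
import re
from typing import Dict, List

# Stage 1 (grok equivalent): syslog envelope -> pri, timestamp, host, body.
HEADER_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<body>.*)$"
)

# Stage 2 (kv equivalent). Two body shapes are handled:
#   shape A: key="quoted value" or key=bare, separated by whitespace
#   shape B: key: value; key: value;   (each pair terminated by ';')
KV_EQUALS_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')
KV_COLON_RE = re.compile(r"(\w+):\s*([^;]*);")

# Keys each blade is expected to emit (constructed for this example). Used
# to flag lines from a blade whose key set the patterns were not built for.
EXPECTED_KEYS = {
    "VPN-1 & FireWall-1": {"action", "src", "dst", "proto", "service"},
    "SmartDefense": {"action", "src", "dst", "attack", "protection_name"},
}

# Constructed sample lines: firewall blade (shape A), IPS blade (shape A),
# and an older-style firewall line (shape B) that is missing 'service'.
SAMPLE_LINES = [
    '<134>Mar  5 10:15:02 cp-gw1 product="VPN-1 & FireWall-1" action="Drop" '
    'src="10.1.2.3" dst="203.0.113.7" proto="6" service="443" '
    'rule_name="Block outbound" ifdir="outbound"',
    '<134>Mar  5 10:15:03 cp-gw1 product="SmartDefense" action="Prevent" '
    'src="198.51.100.9" dst="10.1.2.10" attack="Web Server Enforcement '
    'Violation" protection_name="Non Compliant HTTP" severity="High"',
    "<134>Mar  5 10:15:04 cp-gw2 action: Accept; src: 10.1.2.3; "
    "dst: 10.1.2.5; proto: udp; product: VPN-1 & FireWall-1;",
]


def parse_kv(body: str) -> Dict[str, str]:
    """Extract key/value pairs, choosing the shape by whether the body
    contains key=value pairs; otherwise fall back to key: value; pairs."""
    fields: Dict[str, str] = {}
    if re.search(r"\b\w+=", body):
        for key, quoted, bare in KV_EQUALS_RE.findall(body):
            # quoted values may contain spaces and escaped double quotes
            fields[key] = quoted.replace('\\"', '"') if quoted else bare
    else:
        for key, value in KV_COLON_RE.findall(body):
            fields[key] = value.strip()
    return fields


def parse_line(line: str) -> Dict[str, str]:
    """Parse one syslog line. A header mismatch raises ValueError, the
    equivalent of Logstash tagging the event with _grokparsefailure."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"unparseable header: {line[:40]!r}")
    event = {"timestamp": m["ts"], "host": m["host"]}
    if m["pri"] is not None:
        # syslog PRI = facility * 8 + severity
        pri = int(m["pri"])
        event["facility"] = str(pri // 8)
        event["syslog_severity"] = str(pri % 8)
    event.update(parse_kv(m["body"]))
    return event


def missing_keys(event: Dict[str, str]) -> List[str]:
    """Expected-but-absent keys for the blade named in the product field."""
    expected = EXPECTED_KEYS.get(event.get("product", ""), set())
    return sorted(expected - event.keys())


def parse_samples() -> List[Dict[str, str]]:
    """Parse the constructed sample lines in order."""
    return [parse_line(line) for line in SAMPLE_LINES]


if __name__ == "__main__":
    for ev in parse_samples():
        print(ev.get("product"), ev.get("action"), "missing:", missing_keys(ev))
```

In a Logstash pipeline the same split maps onto a `grok` filter that captures the envelope into a `body` field and a `kv` filter with `source => "body"`, using `value_split => "="` and `field_split => " "` for the first shape or `value_split => ":"` and `field_split => ";"` for the second; keeping an expected-key table per blade, as `missing_keys` does here, is what catches a new blade's output silently parsing into a half-empty event.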

(Rajath jain) #6

Hi Santiago,

Do you have an AD parser by any chance? We cannot use the wineventlog beat due to internal policies.

(Santiago Martinez) #7

Hi Rajath!

Sorry, but I only have parsers for network devices.


(system) #8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.