I'm working on setting up an elastic installation and forwarding all Check Point logs via Elastic Agent integration. I have setup Fleet, created the Agent Policy and installed the Elastic Agent on the Check Point management server. The agent will not send the fw.log file which contains all the firewall logs for network traffic. The integration description states that it utilizes the log exporter but doesn't provide any instructions for this. I've setup a manual cp_log_export but elastic is not ingesting the syslog logs from Check Point log exporter. Can someone help me understand where I'm going wrong?
i haven't done anything with checkpoint yet, but here are some things i saw in your config:
can you try to change the exporter to tcp? The syslog input on the elasticagent seems to be tcp (see Title of config line input: tcp).
Maybe you also have to enter the Ip into the "Syslog Host" field so connection from outside on the server are allowed (are the connection coming from outside? not sure). Or it could be the other way around and you have to configure the log_exporter to target-host 127.0.0.1 because the Agent is only listening on localhost.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
