Check Point Filebeat module clarification

I’m hoping someone can clarify how Filebeat is supposed to be setup when being used to process logs from a Check Point firewall (as covered here:

The article doesn’t indicate if Filebeat is to be installed on the Check Point server or on a intermediary server that is setup to receive the output of Check Point’s cp_log_exporter.

Ideally, I’d like to avoid having to setup an intermediary server but I’m not sure that Filebeat can be installed on the Check Point server and how it would receive/process the output of cp_log_exporter all on the same system.

Thank you,

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.