I’m hoping someone can clarify how Filebeat is supposed to be setup when being used to process logs from a Check Point firewall (as covered here: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-checkpoint.html)
The article doesn’t indicate if Filebeat is to be installed on the Check Point server or on a intermediary server that is setup to receive the output of Check Point’s cp_log_exporter.
Ideally, I’d like to avoid having to setup an intermediary server but I’m not sure that Filebeat can be installed on the Check Point server and how it would receive/process the output of cp_log_exporter all on the same system.
Thank you,
Jason