CheckPoint logs error with filebeat

julianksanchez · June 28, 2020, 3:58pm

Hello,
I am trying to obtain firewall logs from syslog. I configurate checkpoint module of filebeat. I dont know if anyone did yet, because I have problems I can see the logs of filebeat and I see it message in var/lo/syslogs

1syslog/input.go:243#011can't parse event as syslog rfc3164#011{"message":

In the message of overview I filter for filebeat index and I observed it.

Provided Grok expressions do not match field value: [<134>1 2020-06-23T00:33:20Z CP_CheckPoint 5561 - [action:\"Encrypt\"; flags:\"417028\"; ifdir:\"inbound\"; ifname:\"eth2\"; logid:\"0\"; loguid:\"{ox}\"; origin:\"10.10.10.2\"; originsicname:\"CN=C,O=LA..mrqm2j\"; sequencenum:\"4\"; time:\"1592872400\"; version

Any help???

system · July 26, 2020, 5:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can't parse event as syslog rfc3164 Beats filebeat	5	347	March 4, 2024
Filebeat Fortinet module - can't parse event as syslog rfc3164 Beats filebeat	2	715	April 12, 2022
Filebeat CEF Checkpoint errors Beats beats-module , filebeat	6	1009	August 5, 2021
Filebeat CheckPoint Module Beats beats-module , filebeat	3	743	April 5, 2021
[CheckPoint] [Filebeat 7.8] Provided Grok expressions do not match field value Beats filebeat	1	505	July 21, 2020

CheckPoint logs error with filebeat

Related topics