CheckPoint logs error with filebeat

Hello,
I am trying to obtain firewall logs from syslog. I configured the checkpoint module of filebeat. I don't know if anyone has done this yet, because I have problems. I can see the logs of filebeat and I see this message in var/lo/syslogs:

1syslog/input.go:243#011can't parse event as syslog rfc3164#011{"message":

In the message overview I filter for the filebeat index and I observe this:

Provided Grok expressions do not match field value: [<134>1 2020-06-23T00:33:20Z CP_CheckPoint 5561 - [action:\"Encrypt\"; flags:\"417028\"; ifdir:\"inbound\"; ifname:\"eth2\"; logid:\"0\"; loguid:\"{ox}\"; origin:\"10.10.10.2\"; originsicname:\"CN=C,O=LA..mrqm2j\"; sequencenum:\"4\"; time:\"1592872400\"; version

Any help???
