Fleet Check Point Integration

I've been trying to play around with the Check Point integration but it looks like it is going nowhere!!! Can someone help me out??? The Elastic documentation related to this integration does not help....

Really appreciate the attention.

Are you using this part of the documentation? Check Point module | Filebeat Reference [7.14] | Elastic

Where are you stuck more exactly?

I'm trying to add the check point logs through the fleet integrations panel.

Follow the screens, it looks like it's not enough just adding the integration. Am I missing something?

I thought for a second that I only needed to make the integration and set the ports used to ingest the logs from the Check Point firewall.... but it does not work...

Thanks for the attention.

You have the integration, then you have to deploy a Fleet agent and assign it that integration (since you're using localhost there you have to deploy the agent on the same machine that you have the Checkpoint Firewall).

Should I use another server as log collector using this agent and then from the firewall send the logs to the server in question? I don't believe I could install this agent on the same Check Point firewall appliance.

Thanks in advance

Correct. You need to deploy an agent somewhere and then assign the policy with the integration to it. It's no different than if you used the filebeat module.
