I’m not sure if I can run an agent on it or push logs to syslog. I will have to contact CP Support to find out if it affects how logs are processed in CP Smartview Tracker because we use that extensively. Thanks for the assistance. One workaround I discovered is to use Splunk to connect since it is OPSEC certified and then use the OSSEC add-in for Splunk to get all my logs to the same application.

Thanks,

Jason Dean
IT Administrator
PRO Consulting Services, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Eero Volotinen
Sent: Thursday, September 24, 2015 11:48 PM
To: ossec-list; [email protected]
Subject: Re: [ossec-list] Checkpoint OPSEC Certification

Hi,

Are there any problems with setting Checkpoint to log to syslog and then using the ossec agent on the box to forward logs to the ossec server? This is the usual way to do this.

--
Eero

2015-09-25 0:37 GMT+03:00 <[email protected]>:

Hello,

I'm trying to get my Checkpoint firewall, IPS, VPN, etc. logs into OSSEC, but Checkpoint is telling me that it has to be OPSEC certified in order to make a connection. If you are pulling your CheckPoint Gaia R77.20 firewall logs into OSSEC, how did you do it? I have seen the articles on forwarding syslog, but those are only the OS log files. I have also seen THIS <https://blog.rootshell.be/2014/08/28/check-point-firewall-logs-and-logstash-elk-integration/#more-26358> article on using an 'agent in the middle' to create a secure connection, but there has to be a better way.

Any help would be greatly appreciated!

Thanks!

--
You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
