Check Point

The im_checkpoint module, provided by NXLog Agent, can collect logs from Check Point devices over the OPSEC LEA protocol.

Example 1. Collecting Check Point OPSEC LEA logs

With the following configuration, NXLog Agent will collect logs from Check Point devices over the LEA protocol and write them to file in JSON format.

nxlog.conf

<Extension _json>
    Module          xm_json
</Extension>

<Input checkpoint>
    Module          im_checkpoint
    Command         /opt/nxlog/bin/nx-im-checkpoint
    LEAConfigFile   /opt/nxlog/etc/lea.conf
</Input>

<Output file>
    Module          om_file
    File            'tmp/output'
    Exec            $raw_event = to_json();
</Output>

<Route checkpoint_to_file>
    Path            checkpoint => file
</Route>

Disclaimer

While we endeavor to keep the information in our guides up to date and correct, NXLog makes no representations or warranties of any kind, express or implied about the completeness, accuracy, reliability, suitability, or availability of the content represented here. We update our screenshots and instructions on a best-effort basis.

NXLog does not guarantee that any scripts provided in our guides are error-free, secure, or suitable for any specific environment. Use of the scripts is at your own risk. In no event shall NXLog be liable for any damages or losses arising from using these scripts.

Last revision: 17 September 2018