Check Point

The im_checkpoint module, provided by NXLog Agent, can collect logs from Check Point devices over the OPSEC LEA protocol.

Example 1. Collecting Check Point Opsec LEA logs

With the following configuration, NXLog Agent will collect logs from Check Point devices over the LEA protocol and write them to file in JSON format.

nxlog.conf
<Extension _json>
    Module          xm_json
</Extension>

<Input checkpoint>
    Module          im_checkpoint
    Command         /opt/nxlog/bin/nx-im-checkpoint
    LEAConfigFile   /opt/nxlog/etc/lea.conf
</Input>

<Output file>
    Module          om_file
    File            'tmp/output'
    Exec            $raw_event = to_json();
</Output>

<Route checkpoint_to_file>
    Path            checkpoint => file
</Route>
Disclaimer

While we endeavor to keep the information in our guides up to date and correct, NXLog makes no representations or warranties of any kind, express or implied about the completeness, accuracy, reliability, suitability, or availability of the content represented here. We update our screenshots and instructions on a best-effort basis.

Last revision: 17 September 2018