Check Point Firewall (syslog)

Configure Check Point Firewall to forward syslog to Radiant Security.

Overview

In this guide, you will create a new entry in the Check Point Log Exporter configuration. This entry is required to send Check Point Firewall logs to Radiant Security. The logs pass through an intermediary syslog relay server for additional security.

To do this, you’ll need to complete the following configuration steps:

Add the data connector in Radiant Security

First, you’ll add the Check Point Networks Firewall data connector in Radiant Security.

1.   Log in to Radiant Security.
2.   From the navigation menu, click Settings > Data Connectors and click + Add Connector.
3.   Search for and select the Check Point Firewall (syslog) option and then click Data Feeds.
4.   Select the Check Point Firewall data feed and then click Credentials.

5.   Under Credential Name, give the credential an identifiable name (e.g. Check Point Credentials). If you already have a credential in place, select it from the drop-down menu. Click Credentials
6.   In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.

7.   Click Add Connector.

8.   Save the Token value or use the Download Files option to save the token as a file. This token will be used in the Configure a local Radiant Security Syslog Collector section.
9.   Click Done to save your changes.


Configure a local Radiant Security Syslog Collector

Refer to the Deploy a Radiant Security Syslog Collector guide to set up a local Radiant Syslog Collector.

Enable extended logging on policies and rules

Before setting up the syslog forwarding, it's important to make sure the security policies and rules are configured to generate logs. To do so, enable the Track option and set it to Log, and when applicable, enable the Extended Log feature.

For more details on how to set up the tracking and logging options, refer to the Check Point documentation.

Configure syslog forwarding

By default, the log exporter module comes installed on R80.10 and later versions. If you are running a Check Point version older than R80.10, then you won't have access to the built-in Log Exporter feature and will have to forward the logs via OPSEC LEA.

If the Check Point gateways are managed by a central console, refer to the Centrally managed gateways section. If the gateways are individually managed, refer to the Individual gateways section.

Centrally managed gateways

If the Check Point gateways are managed by a central console, then complete the following steps:

  1. Connect to the SmartConsole using Administrator credentials.
  2. Go to Logs & Monitor and select Log Exporter under the Gateways tab.
  3. Click + Add Exporter to create a new log exporter.
  4. Enter the following parameters:
    1. Name: RadiantSecurityForwarder
    2. Target Server:
      1. IPv4 Address: <syslogCollectorIPAddress>
      2. Protocol: TCP
      3. Port: 6514
    3. Format: JSON
    4. Select Show Obfuscated Fields (if present)
    5. Under Select Logs to Forward, select only Security Logs
  5. Click OK to save the configuration.
  6. Navigate to Gateways & Servers in SmartConsole.
  7. Select the gateway or cluster to configure and click Edit.
  8. Go to Logs > Log Export Settings.
  9. Under Log Exporter, select the previously created log exporter (e.g., RadiantSecurityForwarder).
  10. Click OK to save changes.
  11. Click Publish to confirm the changes.
  12. Navigate to Security Policies and click Install Policy to apply the configuration to the selected gateways.

Individual gateways

If the Check Point gateways are individually managed, then complete the following steps:

  1. Access the gateway's WebUI using Administrator credentials.
  2. Navigate to Logs & Monitoring or System Logs (the naming varies based on firmware version).
  3. Locate the Log Exporter or Syslog configuration section.
  4. Click Add Syslog Server.
  5. Enter the following parameters:
    1. Name: RadiantSecurityForwarder
    2. IPv4 Address: <syslogCollectorIPAddress>
    3. Protocol: TCP
    4. Port: 6514
    5. Format: JSON
    6. Select Show Obfuscated Fields (if present)
    7. Under Select Logs to Forward, select only Security Logs
  6. Click OK to save the configuration.
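
To confirm that an exporter configured with the parameters above is actually emitting JSON over TCP, the following check can be run on a test host standing in for the syslog collector. It is an added example, not Radiant Security or Check Point code; the newline-delimited framing, the optional syslog header before each JSON object, and the sample records are assumptions.

```python
import json
import socket

# Constructed sample, not real Check Point output: two JSON records (one behind
# a syslog-style header) and one record that is not JSON.
SAMPLE = (b'<134>1 2024-12-27T10:00:00Z gw1 CheckPoint - - - {"action": "Drop", "src": "10.0.0.5"}\n'
          b'{"action": "Accept", "dst": "10.0.0.9"}\n'
          b'action=Accept src=10.0.0.7\n')

def extract_json(record: str):
    """Return the JSON object in one record, or None if there is none.
    Assumption: a syslog header may precede the object, so start at the first '{'."""
    start = record.find("{")
    if start < 0:
        return None
    try:
        obj, _ = json.JSONDecoder().raw_decode(record, start)
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None

def summarize(data: bytes) -> dict:
    """Count records with and without a JSON object (assumes one record per line)."""
    out = {"json": 0, "not_json": 0, "fields": set()}
    for line in data.decode("utf-8", errors="replace").splitlines():
        if not line.strip():
            continue
        obj = extract_json(line)
        out["json" if obj is not None else "not_json"] += 1
        out["fields"].update(obj or {})
    return out

def capture(port: int = 6514, seconds: float = 30.0, bind: str = "0.0.0.0") -> dict:
    """Accept one TCP connection, read until it closes or goes quiet, then summarize."""
    chunks = []
    with socket.create_server((bind, port)) as srv:
        srv.settimeout(seconds)
        try:
            conn, _ = srv.accept()
            with conn:
                conn.settimeout(seconds)
                while chunk := conn.recv(65536):
                    chunks.append(chunk)
        except socket.timeout:
            pass  # no connection, or the sender went quiet: report what arrived
    return summarize(b"".join(chunks))

if __name__ == "__main__":
    print(summarize(SAMPLE))   # offline check against the constructed sample
    # print(capture())         # live check on a test host; needs TCP 6514 free
```

A result with a non-zero `not_json` count, or no records at all, points to a Format or Target Server setting that differs from the parameters listed in the steps above.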

 


Last updated: 2024-12-27