# Check Point Firewall (syslog)

In this guide, you will create a new entry in the Check Point Log Exporter configuration. This is required in order to send Check Point Firewalls logs to Radiant Security with the use of an intermediary syslog relay server for additional security.

### Add the data connector in Radiant Security

First, you’ll add the Check Point Networks Firewall data connector in Radiant Security.

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the **Radiant Agent** option and then click **Data Feeds**.
4. Under **Select your data feeds**, select **Check Point Firewall** and then click **Credentials**.
5. Under **Credential Name**, give the Radiant Agent integration an identifiable name (e.g. `Radiant Agent Integration`). If you will reuse a Radiant Agent, select it from the drop-down menu.
6. Click **Add Connector**.

### Configure a local Radiant Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

### Configure syslog forwarding

By default, the log exporter module comes installed on **R80.10 and later versions.** If you are running a Check Point version *older* than **R80.10**, then you won't have access to the built-in Log Exporter feature and will have to forward the logs via [OPSEC LEA](https://community.checkpoint.com/t5/SMB-Gateways-Spark/How-to-send-log-from-Checkpoint-moreover-Opsec-LEA/td-p/29508).

If the Check Point gateways are managed by a central console, refer to the **Centrally managed gateways** section. If the gateways are individually managed, refer to the **Individual gateways** section.

### Enable extended logging on policies and rules

Before setting up the syslog forwarding, it's important to make sure the security policies and rules are configured to generate logs. To do so, enable the **Track** option and set it to **Log**, and when applicable, enable the **Extended Log** feature.

For more details on how to set up the tracking and logging options, refer to the [Check Point documentation](https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Tracking-Options.htm).

### Centrally managed gateways

If the Check Point gateways are managed by a central console, then complete the following steps:

1. Connect to the **SmartConsole** using **Administrator** credentials
2. Go to **Logs & Monitor** and select **Log Exporter** under the **Gateways** tab.
3. Click **+ Add Exporter** to create a new log exporter.
4. Enter the following parameters:
   * **Name**: `RadiantSecurityForwarder`
   * **Target Server**:
     * **IPv4 Address**: `<RadiantAgentIPAddress>`
     * **Protocol**: `TCP`
     * **Port**: `<PortConfiguredToReceiveCheckPointFirewall>`
   * **Format**: `JSON`
   * Select `Show Obfuscated Fields` (if present)
   * Under **Select Logs to Forward**, select only `Security Logs`
5. Click **OK** to save the configuration
6. Navigate to **Gateways & Servers** in SmartConsole.
7. Select the gateway or cluster to configure and click **Edit**.
8. Go to **Logs** > **Log Export Settings**.
9. Under **Log Exporter**, select the previously created log exporter (e.g., `RadiantSecurityForwarder`).
10. Click **OK** to save changes.
11. Click **Publish** to confirm the changes
12. Navigate to **Security Policies** and click **Install Policy** to apply the configuration to the selected gateways

### Individual gateways

If the Check point gateways are *individually* managed, then complete the following steps:

1. Access the gateway's WebUI using **Administrator** credentials.
2. Navigate to **Logs & Monitoring** or **System Logs** (The naming varies based on firmware version).
3. Locate the **Log Exporter** or **Syslog** configuration section.
4. Click **Add Syslog Server**.
5. Enter the following parameters:
   * **Name**: `RadiantSecurityForwarder`
   * **IPv4 Address**: `<RadiantAgentIPAddress>`
   * **Protocol**: `TCP`
   * **Port**: `<PortConfiguredToReceiveCheckPointFirewall>`
   * **Format**: `JSON`
   * Select `Show Obfuscated Fields` (if present)
   * Under **Select Logs to Forward**, select only `Security Logs`
6. Click **OK** to save the configuration.

Before setting up the syslog forwarding, it's important to make sure the security policies and rules are configured to generate logs. To do so, the security policies must have the **Track** option enabled and set to **Log**, and when applicable, with the **Extended Log** feature enabled.

For more details on how to setup the tracking and logging options, refer to the [Check Point documentation](https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Tracking-Options.htm).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/data-connectors/check-point-firewall-syslog.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.