With previous versión of OPEC LEA, I could get logs from other security blades like "URL Filtering", "Application Control" and so on. Now, I only can get logs from "IDS" and "Firewall". Any idea?
We hace checkpoint management server in CP v8.1.
change the collection mode to non-audit and search the indexed even by using product="Application Control" OR product="URL Filtering"
Hello, I had the same problem, but I changed the connection as the following and the events started to appear:
•Non-Audit: Collects all event types except audit events. (http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Setup2 )
Now I would like to find out how to limit the incoming logs only to "URL Filtering" and "Application control logs", but not all the firewall logs those are too many of them and I don't need them currently.