Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Checkpoint with Splunk on Windows

Michael_Wilde
Splunk Employee
Splunk Employee
‎10-18-2010 02:54 PM

Does the Checkpoint LEA app work on windows? or has anyone tweaked it to work?

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎06-21-2011 03:18 PM

just tested the Windows FW1-loggrabber executable (1.11.1) and it works well with R75.

http://sourceforge.net/projects/fw1-loggrabber/

I'm sure the splunk APP can be tweaked to accommodate the event data:

C:\set4bits\FW1-Loggrabber>fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) R75 - Build 254
C:\set4bits\FW1-Loggrabber>fw1-loggrabber.exe |more
loc=0|time=2011-06-17 17:51:38|action=ctl|orig=172.16.12.200|i/f_dir=inbound|i/f
_name=daemon|has_accounting=0|uuid=<00000000,00000000,00000000,00000000>|log_sys
_message=Log file has been switched to: 2011-06-17_152203_1.log
loc=1|time=2011-06-17 17:51:43|action=accept|orig=172.16.12.200|i/f_dir=inbound|
i/f_name=E1G606|has_accounting=0|uuid=<4dfbf69f,00000000,c80c10ac,0000ffff>|prod
uct=VPN-1 & FireWall-1|__policy_id_tag=product=VPN-1 & FireWall-1[db_tag={9D0262
9E-B095-40D3-AE39-FA4DA8BB5F01};mgmt=WIN-BVJQ2GHXBVN;date=1308353659;policy_name
=Standard]|src=172.16.12.138|s_port=60819|dst=172.16.12.200|service=18184|proto=
tcp|rule=4

View solution in original post

Reply
Solved! Jump to solution

nicolasfigaro
New Member
‎07-02-2012 02:21 AM

Hi all,
loggrabber works fine, but I can't make it work correctly with splunk.

Did anyone already manage to fetch logs vialea on windows splunk ?

thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎06-21-2011 03:18 PM

just tested the Windows FW1-loggrabber executable (1.11.1) and it works well with R75.

http://sourceforge.net/projects/fw1-loggrabber/

I'm sure the splunk APP can be tweaked to accommodate the event data:

C:\set4bits\FW1-Loggrabber>fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) R75 - Build 254
C:\set4bits\FW1-Loggrabber>fw1-loggrabber.exe |more
loc=0|time=2011-06-17 17:51:38|action=ctl|orig=172.16.12.200|i/f_dir=inbound|i/f
_name=daemon|has_accounting=0|uuid=<00000000,00000000,00000000,00000000>|log_sys
_message=Log file has been switched to: 2011-06-17_152203_1.log
loc=1|time=2011-06-17 17:51:43|action=accept|orig=172.16.12.200|i/f_dir=inbound|
i/f_name=E1G606|has_accounting=0|uuid=<4dfbf69f,00000000,c80c10ac,0000ffff>|prod
uct=VPN-1 & FireWall-1|__policy_id_tag=product=VPN-1 & FireWall-1[db_tag={9D0262
9E-B095-40D3-AE39-FA4DA8BB5F01};mgmt=WIN-BVJQ2GHXBVN;date=1308353659;policy_name
=Standard]|src=172.16.12.138|s_port=60819|dst=172.16.12.200|service=18184|proto=
tcp|rule=4
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...