Checkpoint firewall add logs


I tried the classic way of configuring the logs to get in, but it seems nothing goes in.
Besides the INPUT configuration under Graylog graphical interface, do i also need to configure something on the firewall itself, something like the system.d to forward the logs towards the graylog server…?


Afternoon @adrianrus,

By the traditional way, do you mean something like this

It should be as simple as setting the the Firewall syslog settings to send to Graylog’s ip/hostname on whatever port the syslog input is listening on.

What model/os is the firewall?

for >= R80: The security log must be activated in the track option for the rule.

where is this actually… ?
Excuse my ignorance :smiley:

Googling for “track option” turned up this.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.