I’m a new Graylog user and I’m trying to collect logs from several firewalls on my network. The firewalls are Checkpoint R77 and the Graylog server is correctly receiving the traffic; however, the parser is not correctly interpreting the syslog messages. For example, the source field is filled by the process that generated the log entry.
I already have other devices, such as Juniper and Arista, correctly sending the logs to Graylog, and they are parsed correctly.
I’ve googled around and can’t seem to find any example of a Checkpoint device sending logs to a Graylog server, or a Checkpoint parser for Graylog (I’m willing to write my own, btw).
Can anyone confirm if this is a known issue? Can anyone help me troubleshoot the issue?