This method ensures that the Check Point Multi-Domain Management (Provider-1) DSM for IBM QRadar accepts Check Point Multi-Domain Management (Provider-1) events by using syslog.
About this task
QRadar records all relevant Check Point Multi-Domain Management (Provider-1) events.
Configure syslog on your Check Point Multi-Domain Management (Provider-1) device:
Procedure
- Type the following command to access the console as an expert user:
  expert
  A password prompt is displayed.
- Type your expert console password and press the Enter key.
- Type the following command:
- Select the customer logs that you want:
- Type the following command:
  # nohup $FWDIR/bin/fw log -ftn | /usr/bin/logger -p <facility>.<priority> 2>&1 &
  Where:
  - <facility> is a syslog facility, for example, local3.
  - <priority> is a syslog priority, for example, info.
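The fw log to logger pipeline from the last step, wrapped in an added example script that is not part of the IBM documentation or of Check Point's own tooling: it validates the facility and priority names that logger -p accepts, starts the forwarder under nohup, records its PID, and can report whether the forwarder is still alive, since the pipeline stops silently when fw log exits or the host reboots. The PID file path and the function names are assumptions; $FWDIR is expected to be set as it is in the expert shell.

```shell
#!/bin/sh
# Added example (not from the page): manage the "fw log | logger" syslog forwarder.
# Assumptions: PIDFILE location and function names are hypothetical;
# $FWDIR is set in the expert shell, as on a Check Point host.

PIDFILE="${PIDFILE:-/var/tmp/fwlog_forwarder.pid}"   # hypothetical location

# Return 0 if $1 is a syslog facility name that logger -p accepts.
valid_facility() {
    case "$1" in
        kern|user|mail|daemon|auth|syslog|lpr|news|uucp|cron|authpriv|ftp|local[0-7]) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if $1 is a syslog priority (severity) name that logger -p accepts.
valid_priority() {
    case "$1" in
        emerg|alert|crit|err|warning|notice|info|debug) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the pipeline from the procedure with <facility>.<priority> filled in.
# $FWDIR is left unexpanded here and is resolved by the shell that runs it.
build_forward_cmd() {
    valid_facility "$1" && valid_priority "$2" || return 1
    printf '%s\n' "\$FWDIR/bin/fw log -ftn | /usr/bin/logger -p $1.$2"
}

# Start the forwarder detached under nohup and record the PID of the wrapper shell.
start_forwarder() {
    cmd=$(build_forward_cmd "$1" "$2") || { echo "invalid facility/priority: $1.$2" >&2; return 1; }
    [ -n "$FWDIR" ] || { echo "FWDIR is not set; run this from the expert shell" >&2; return 1; }
    nohup sh -c "$cmd" >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Return 0 if the recorded forwarder process is still alive. The pipeline ends
# when fw log exits or the host reboots, so call this from cron or monitoring.
forwarder_running() {
    [ -r "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

case "${1:-}" in
    start)  start_forwarder "$2" "$3" ;;
    status) forwarder_running && echo "forwarder running" || { echo "forwarder not running"; exit 1; } ;;
esac
```

Run it as `./fwlog_forwarder.sh start local3 info` from the expert shell, and `./fwlog_forwarder.sh status` to confirm the feed to QRadar has not stopped.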
You are now ready to configure the log source in QRadar.
The configuration is complete. The log source is added to QRadar automatically when the Check Point Multi-Domain Management (Provider-1) syslog events are discovered. Events that are forwarded to QRadar are displayed on the Log Activity tab.