TLS syslog log source parameters for Check Point

If QRadar® does not automatically detect the log source, add a Check Point log source on the QRadar Console by using the TLS syslog protocol.

When using the TLS Syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect TLS Syslog events from Check Point:
Table 1. TLS Syslog log source parameters for the Check Point DSM
Parameter Value
Log Source type Check Point
Protocol Configuration TLS Syslog
Log Source Identifier

Type the IP address of your Check Point server as an identifier for events from your Check Point devices.

TLS Listen Port 6514
Authentication Mode TLS and Client Authentication
Client Certificate Path <full_path_to_file>/log_exporter.crt
Certificate Type PKCS12 Certificate Chain and Password
PKCS12 Certificate Path <full_path_to_the_file>/syslogServer.p12
PKCS12 Password The password for the PKCS12 Certificate.
Certificate Alias This field must be empty.
Max Payload Length 4096
Maximum Connections 50

For a complete list of TLS Syslog protocol parameters and their values, see TLS syslog protocol configuration options.