TLS syslog log source parameters for Check Point
If QRadar does not automatically detect the log source, add a Check Point log source on the QRadar Console by using the TLS syslog protocol.
When using the TLS Syslog protocol, there are specific parameters that you must use.
The following table describes the parameters that require specific values to collect TLS Syslog
events from Check Point:
Parameter | Value |
---|---|
Log Source type | Check Point |
Protocol Configuration | TLS Syslog |
Log Source Identifier |
Type the IP address of your Check Point server as an identifier for events from your Check Point devices. |
TLS Listen Port | 6514 |
Authentication Mode | TLS and Client Authentication |
Client Certificate Path | <full_path_to_file>/log_exporter.crt |
Certificate Type | PKCS12 Certificate Chain and Password |
PKCS12 Certificate Path | <full_path_to_the_file>/syslogServer.p12 |
PKCS12 Password | The password for the PKCS12 Certificate. |
Certificate Alias | This field must be empty. |
Max Payload Length | 4096 |
Maximum Connections | 50 |
For a complete list of TLS Syslog protocol parameters and their values, see TLS syslog protocol configuration options.