Syslog - Check Point Log Exporter V2.0

Device Details

Device Name	Check Point Log Exporter
Vendor	Check Point
Device Type	N/A
Supported Model Name/Number	N/A
Supported Software Version(s)	R77.30, R80.10, R80.20, R80.30, R80.40, R81
Collection Method	Syslog
Configurable Log Output?	No
Log Source Type	Syslog - Check Point Log Exporter
Log Processing Policy	LogRhythm Default 2.0
Exceptions	N/A
Additional Information	https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323

Supported Log Messages

Type	Product Version	Supported Schema Fields
V 2.0 : Anti Malware Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <sname>, <protnum>, <sinterface>, <login>, <snatip>, <url>, <useragent>, <bytesin>, <bytesout>, <severity>, <vendorinfo>, <threatname>, <status>, <domainimpacted>, <reason>, <policy>
V 2.0 : Anti Virus Events	N/A	<vmid>, <reason>, <severity>, <subject>, <dip>
V 2.0 : Application Control Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <vendorinfo>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <severity>, <bytesout>, <bytesin>, <sname>, <login>, <policy>, <subject>, <process>
V 2.0 : Application Control URL Filtering Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <vendorinfo>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <protname>, <duration>, <version>, <bytesin>, <packetsin>, <bytesout>, <packetsout>, <quantity>, <severity> <policy>, <subject>, <process>
V 2.0 : Connectra Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <reason>, <login>, <snatip>, <result>, <group>
V 2.0 : Content Awareness Events	N/A	<vmid>, <action>, <tag1>, <sip>, <dip>, <dport>, <protnum>, <object>, <objecttype>, <size>, <object>, <policy>
V 2.0 : Core Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <severity>, <vendorinfo>, <version>
V 2.0 : Device Events	N/A	<vmid>, <action>, <sip>, <sport> , <dip>, <dport> , <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <severity>, <status>, <version>
V 2.0 : DLP Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <snatip>, <login>, <account>, <sender>, <severity>, <size>, <object>, <recipient>, <policy>, <objecttype>, <reason>, <subject>, <url>, <vendorinfo>
V 2.0 : Endpoint Management Event	N/A	<vmid>, <dip>, <action>, <vendorinfo>, <status>, <login>, <object>, <objecttype>, <subject>
V 2.0 : Endpoint Security Mgmt Event	N/A	<vmid>, <dip>, <action>, <tag1>, <vendorinfo>, <status>, <login>, <object>, <objecttype>, <subject>, <sip>, <policy>
V 2.0 : ESOD Events	N/A	<vmid>, <dip>, <action>, <status>
V 2.0 : Eventia Analyzer Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip><dnatport>, <url>, <severity>, <login>, <vendorinfo>, <domainimpacted>, <dname>
V 2.0 : FG VPN-1 & FireWall-1 Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <dname>, <login>, <account>, <bytesout>, <itemsout>, <bytesin>, <itemsin>, <policy>
V 2.0 : Firewall Events	N/A	<vmid>, <dip>, <reason>, <status>, <tag1>, <result>
V 2.0 : Forensics Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <sname>, <login>, <severity>, <vendorinfo>, <threatname>, <subject>, <hash>, <object>, <objecttype>, <size>, <status>
V 2.0 : HTTPS Inspection Events	N/A	<vmid>, <dip>, <sip>, <sport>, <dport>, <sinterface>, <dname>, <sname>, <action>, <protnum>, <login>, <account>, <severity>, <vendorinfo>, <reason>, <status>, <tag1>, <result>
V 2.0 : Identity Awareness Events	N/A	<vmid>, <action>, <sip>, <login>, <domainorigin>, <session>, <reason>, <duration>, <vendorinfo>, <status>, <group>, <sname>
V 2.0 : Identity Logging Events	N/A	<vmid>, <action>, <login>, <sname>, <sip>, <domainorigin>, <reason>, <duration>, <vendorinfo>
V 2.0 : iOS Profiles Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version>
V 2.0 : IPS Events	N/A	<vmid>, <dip>, <reason>, <vendorinfo>, <status>, <tag1>
V 2.0 : Log Update Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>
V 2.0 : Mobile App Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <severity>, <status>, <version>
V 2.0 : MTA Events	N/A	<vmid>, <action>, <sip>, <sport>, (<dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <recipient>, <sender>, <subject>, <size>, <status>, <tag1>
V 2.0 : Network Security Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version>
V 2.0 : New Anti-Virus Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sname>, <dname>, <sinterface>, <snatip>, <login>, <account>, <url>, <severity>, <recipient>, <sender>, <bytesin>, <bytesout>, <useragent>, <domainimpacted>, <vendorinfo>, <threatname>, <subject>, <reason>, <objecttype>, <object>, <result>, <threatid>, <policy>
V 2.0 : OS Exploits Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version>
V 2.0 : RAD Events	N/A	<vmid>, <dip>, <reason>, <vendorinfo>
V 2.0 : Security Gateway/Management Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <severity>, <vendorinfo>, <status>, <result>
V 2.0 : SmartConsole Events	N/A	<vmid>, <dip>, <dname>, <action>, <tag1>, <vendorinfo>, <login>, <sip>
V 2.0 : Smart Defense Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <account>, <recipient>, <sender>, <url>, <dname>, <sname>, <vendorinfo>, <threatname>, <severity>, <cve>
V 2.0 : SmartEvent Client Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <severity>, <vendorinfo>, <status>, <tag1>, <result>
V 2.0 : SmartView Events	N/A	<vmid>, <vendorinfo>, <login>, <action>, <sip>, <dip>
V 2.0 : Syslog Events	N/A	<vmid>, <dip>, <vendorinfo>, <severity>
V 2.0 : System Monitor Events	N/A	<vmid>, <dip>, <severity>, <vendorinfo>, <object>, <dname>, <subject>, <tag1>, <policy>
V 2.0 : Threat Emulation Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <url>, <severity>, <result>, <login>, <sname>, <sender>, <recipient>, <subject>, <account>, <useragent>, <object>, <objecttype>, <size>, <session>, <vendorinfo>, <hash>, <threatname>, <reason>, <policy>
V 2.0 : Threat Extraction Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <severity>, <recipient>, <sender>, <threatname>, <subject>, <hash>, <object>, <objecttype>, <size>, <policy>
V 2.0 : URL Filtering Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <subject>, <sname>, <login>, <bytesout>, <bytesin>, <policy>, <process>
V 2.0 : VPN-1 & FireWall-1 Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <policy>
V 2.0 : WEB_API	N/A	<vmid>, <action>, <vendorinfo>, <status>, <login>, <sip>, <object>, <objecttype>, <subject>
V 2.0 : WIFI Network Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <reason>, <subject>, <login>, <url>, <sname>, <severity>, <status>, <version>
V 2.0 : Zero Phishing Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <url>, <sname>, <login>, <severity>, <useragent>, <vendorinfo>, <threatname>, <vendorinfo>, <policy>, <result>
V 2.0 : CloudGuard IaaS Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <subject>, <login>, <url>, <severity>, <version>
V 2.0 : SmartDashboard Events	N/A	<vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version>
V 2.0 : Cpmidu_update_tool Events	N/A	<vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <domain>, <version>, <session>
V 2.0 : Query-database Events	N/A	<vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version>
V 2.0 : Web-UI Events	N/A	<vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>,<sinterface>, <version>
V 2.0 : Media Encryption & Port Protection Events	N/A	<vmid>, <sip>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <severity>, <version>, <status>, <object>, <subject>, <objecttype>, <policy>
V 2.0 : Smart Anti Spam Events	N/A	<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <recipient>, <sender>, <url>, <sname>, <policy>
V 2.0 : URL Filtering Application Control Events	N/A	<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <protname>, <seconds>, <version>, <policy>, <quantity>, <subject>, <severity>, <process>

Revision History

KB Version	Log Type	Change Type	Details
N/A	N/A	Documentation	New LSO Default V 2.0 document update