Skip to main content
Skip table of contents

Syslog - Check Point Log Exporter V2.0

Device Details

Device NameCheck Point Log Exporter

Vendor

Check Point

Device Type

N/A

Supported Model Name/Number

N/A

Supported Software Version(s)

R77.30, R80.10, R80.20, R80.30, R80.40, R81

Collection Method

Syslog

Configurable Log Output?

No

Log Source Type

Syslog - Check Point Log Exporter

Log Processing Policy

LogRhythm Default V2.0

Exceptions

N/A

Additional Information

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323

Supported Log Messages

TypeProduct VersionSupported Schema Fields
V 2.0: Anti Virus EventsN/A<vmid>, <reason>, <severity>, <subject>, <dip>
V 2.0: Anti-Malware EventsN/A<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <sname>, <protnum>, <sinterface>, <login>, <snatip>, <url>, <useragent>, <bytesin>, <bytesout>, <severity>, <vendorinfo>, <threatname>, <status>, <domainimpacted>, <reason>, <policy>
V 2.0: Application Control EventsN/A<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <vendorinfo>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <severity>, <bytesout>, <bytesin>, <sname>, <login>, <policy>, <subject>, <process>
V 2.0: Application Control URL Filtering EventsN/A<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <vendorinfo>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <protname>, <duration>, <version>, <bytesin>, <packetsin>, <bytesout>, <packetsout>, <quantity>, <severity> <policy>, <subject>, <process>
V 2.0: CloudGuard IaaS EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <subject>, <login>, <url>, <severity>, <version>
V 2.0: Connectra EventsN/A<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <reason>, <login>, <snatip>, <result>, <group>
V 2.0: Content Awareness EventsN/A<vmid>, <action>, <tag1>, <sip>, <dip>, <dport>, <protnum>, <object>, <objecttype>, <size>, <object>, <policy>
V 2.0: Core EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <severity>, <vendorinfo>, <version>
V 2.0: Cpmidu_update_tool EventsN/A<vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <domain>, <version>, <session>
V 2.0: Device EventsN/A<vmid>, <action>, <sip>, <sport> , <dip>, <dport> , <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <severity>, <status>, <version>
V 2.0: DLP EventsN/A<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <snatip>, <login>, <account>, <sender>, <severity>, <size>, <object>, <recipient>, <objecttype>, <reason>, <subject>, <url>, <policy>, <vendorinfo>
V 2.0: Endpoint Management EventN/A<vmid>, <dip>, <action>, <vendorinfo>, <status>, <login>, <object>, <objecttype>, <subject>
V 2.0: Endpoint Security Mgmt EventN/A<vmid>, <dip>, <action>, <tag1>, <vendorinfo>, <status>, <login>, <object>, <objecttype>, <subject>, <sip>, <policy>
V 2.0: ESOD EventsN/A<vmid>, <dip>, <action>, <status>
V 2.0: Eventia Analyzer EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip><dnatport>, <url>, <severity>, <login>, <vendorinfo>, <domainimpacted>, <dname>
V 2.0: FG VPN-1 & FireWall-1 EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <dname>, <login>, <account>, <bytesout>, <packetsout>, <bytesin>, <packetsin>, <policy>, <command>
V 2.0: Firewall EventsN/A<vmid>, <dip>, <reason>, <status>, <tag1>, <result>
V 2.0: Forensics EventsN/A<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <sname>, <login>, <severity>, <vendorinfo>, <threatname>, <subject>, <hash>, <object>, <objecttype>, <size>, <status>
V 2.0: HTTPS Inspection EventsN/A<vmid>, <dip>, <sip>, <sport>, <dport>, <sinterface>, <dname>, <sname>, <action>, <protnum>, <login>, <account>, <severity>, <vendorinfo>, <reason>, <status>, <tag1>, <result>
V 2.0: Identity Awareness EventsN/A<vmid>, <action>, <sip>, <login>, <domainorigin>, <session>, <reason>, <duration>, <vendorinfo>, <status>, <group>, <sname>
V 2.0: Identity Logging EventsN/A<vmid>, <action>, <login>, <sname>, <sip>, <domainorigin>, <reason>, <duration>, <vendorinfo>
V 2.0: iOS Profiles EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version>
V 2.0: IPS EventsN/A<vmid>, <dip>, <reason>, <vendorinfo>, <status>, <tag1>
V 2.0: Log Update EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <policy>, <bytesin>, <packetsin>, <bytesout>, <packetsout>
V 2.0: Media Encryption & Port Protection EventsN/A<vmid>, <sip>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <severity>, <version>, <status>, <object>, <subject>, <objecttype>, <policy>
V 2.0: Mobile App EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <severity>, <status>, <version>
V 2.0: MTA EventsN/A<vmid>, <action>, <sip>, <sport>, (<dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <recipient>, <sender>, <subject>, <size>, <status>, <tag1>
V 2.0: Network Security EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version>
V 2.0: New Anti-Virus EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sname>, <dname>, <sinterface>, <snatip>, <login>, <account>, <url>, <severity>, <recipient>, <sender>, <bytesin>, <bytesout>, <useragent>, <domainimpacted>, <vendorinfo>, <threatname>, <subject>, <reason>, <objecttype>, <object>, <result>, <threatid>, <policy>
V 2.0: OS Exploits EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version>
N/A<vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version>
V 2.0: RAD EventsN/A<vmid>, <dip>, <reason>, <vendorinfo>
V 2.0: Scheduled System Update EventN/A<vmid>, <dip>, <vendorinfo>, <status>, <login>, <object>, <objecttype>, <subject>, <action>, <domainorigin>, <version>, <session>
V 2.0: Security Gateway/Management EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <severity>, <vendorinfo>, <status>, <result>
V 2.0: Smart Anti-Spam EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <recipient>, <sender>, <url>, <sname>, <policy>
V 2.0: Smart Defense EventsN/A<vmid>, <action>, <tag2>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <account>, <recipient>, <sender>, <url>, <dname>, <sname>, <vendorinfo>, <tag1>, <threatname>, <severity>, <cve>, <policy>
V 2.0: SmartConsole EventsN/A<vmid>, <dip>, <dname>, <action>, <tag1>, <vendorinfo>, <login>, <sip>
V 2.0: SmartDashboard EventsN/A<vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version>
V 2.0: SmartEvent Client EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <severity>, <vendorinfo>, <status>, <tag1>, <result>
V 2.0: SmartView EventsN/A<vmid>, <vendorinfo>, <login>, <action>, <sip>, <dip>
V 2.0: Syslog EventsN/A<vmid>, <dip>, <vendorinfo>, <severity>
V 2.0: System Monitor EventsN/A<vmid>, <dip>, <severity>, <vendorinfo>, <object>, <dname>, <subject>, <tag1>, <policy>
V 2.0: Threat Emulation EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <url>, <severity>, <result>, <login>, <sname>, <sender>, <recipient>, <subject>, <account>, <useragent>, <object>, <objecttype>, <size>, <session>, <vendorinfo>, <hash>, <threatname>, <reason>, <policy>
V 2.0: Threat Extraction EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <severity>, <recipient>, <sender>, <threatname>, <subject>, <hash>, <object>, <objecttype>, <size>, <policy>
V 2.0: URL Filtering Application Control EventsN/A<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <protname>, <seconds>, <version>, <policy>, <quantity>, <subject>, <severity>, <process>
V 2.0: URL Filtering EventsN/A<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <severity>, <process>, <subject>, <sname>, <login>, <bytesout>, <bytesin>, <seconds>, <policy>, <url>
V 2.0: VPN-1 & FireWall-1 EventsN/A<vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <policy>, <bytesin>, <packetsin>, <bytesout>, <packetsout>, <command>
V 2.0: WEB_APIN/A<vmid>, <action>, <vendorinfo>, <status>, <login>, <sip>, <sname>, <object>, <objecttype>, <subject>
V 2.0: Web-UI EventsN/A<vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version>
V 2.0: WIFI Network EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <reason>, <subject>, <login>, <url>, <sname>, <severity>, <status>, <version>
V 2.0: Zero Phishing EventsN/A<vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <url>, <sname>, <login>, <severity>, <useragent>, <vendorinfo>, <threatname>, <vendorinfo>, <policy>, <result>

Revision History

KB Version

Log Type

Change Type

Details

N/ASyslog - Check Point Log ExporterDocumentationNew LSO Default V 2.0 document update
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close