Device Details

Device Name: Check Point Log Exporter
Vendor: Check Point
Device Type: N/A
Supported Model Name/Number: N/A
Supported Software Version(s): R77.30, R80.10, R80.20, R80.30, R80.40, R81
Collection Method: Syslog
Configurable Log Output?: No
Log Source Type: Syslog - Check Point Log Exporter
Log Processing Policy: LogRhythm Default 2.0
Exceptions: N/A
Additional Information: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk122323

Supported Log Messages

Type | Product Version | Supported Schema Fields
V 2.0 : Anti Malware Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <sname>, <protnum>, <sinterface>, <login>, <snatip>, <url>, <useragent>, <bytesin>, <bytesout>, <severity>, <vendorinfo>, <threatname>, <status>, <domainimpacted>, <reason>
V 2.0 : Anti Virus Events | N/A | <vmid>, <reason>, <severity>, <subject>, <dip>
V 2.0 : Application Control Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <vendorinfo>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <severity>, <bytesout>, <bytesin>, <sname>, <login>
V 2.0 : Application Control URL Filtering Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <vendorinfo>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <protname>, <duration>, <version>, <bytesin>, <packetsin>, <bytesout>, <packetsout>, <quantity>, <severity>
V 2.0 : Connectra Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <reason>, <login>, <snatip>, <result>, <group>
V 2.0 : Content Awareness Events | N/A | <vmid>, <action>, <tag1>, <sip>, <dip>, <dport>, <protnum>, <object>, <objecttype>, <size>
V 2.0 : Core Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <login>, <severity>, <vendorinfo>, <version>
V 2.0 : Device Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <severity>, <status>, <version>
V 2.0 : DLP Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <snatip>, <login>, <account>, <sender>, <severity>, <size>, <object>, <recipient>, <policy>, <objecttype>, <reason>, <subject>, <url>, <vendorinfo>
V 2.0 : Endpoint Management Event | N/A | <vmid>, <dip>, <action>, <vendorinfo>, <status>, <login>, <object>, <objecttype>, <subject>
V 2.0 : Endpoint Security Mgmt Event | N/A | <vmid>, <dip>, <action>, <tag1>, <vendorinfo>, <status>, <login>, <object>, <objecttype>, <subject>, <sip>, <policy>
V 2.0 : ESOD Events | N/A | <vmid>, <dip>, <action>, <status>
V 2.0 : Eventia Analyzer Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <severity>, <login>, <vendorinfo>, <domainimpacted>, <dname>
V 2.0 : FG VPN-1 & FireWall-1 Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <sname>, <dname>, <login>, <account>, <bytesout>, <itemsout>, <bytesin>, <itemsin>
V 2.0 : Firewall Events | N/A | <vmid>, <dip>, <reason>, <status>, <tag1>, <result>
V 2.0 : Forensics Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <sname>, <login>, <severity>, <vendorinfo>, <threatname>, <subject>, <hash>, <object>, <objecttype>, <size>, <status>
V 2.0 : HTTPS Inspection Events | N/A | <vmid>, <dip>, <sip>, <sport>, <dport>, <sinterface>, <dname>, <sname>, <action>, <protnum>, <login>, <account>, <severity>, <vendorinfo>, <reason>, <status>, <tag1>, <result>
V 2.0 : Identity Awareness Events | N/A | <vmid>, <action>, <sip>, <login>, <domainorigin>, <session>, <reason>, <duration>, <vendorinfo>, <status>, <group>, <sname>
V 2.0 : Identity Logging Events | N/A | <vmid>, <action>, <login>, <sname>, <sip>, <domainorigin>, <reason>, <duration>, <vendorinfo>
V 2.0 : iOS Profiles Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version>
V 2.0 : IPS Events | N/A | <vmid>, <dip>, <reason>, <vendorinfo>, <status>, <tag1>
V 2.0 : Log Update Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>
V 2.0 : Mobile App Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <severity>, <status>, <version>
V 2.0 : MTA Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <recipient>, <sender>, <subject>, <size>, <status>, <tag1>
V 2.0 : Network Security Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version>
V 2.0 : New Anti-Virus Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sname>, <dname>, <sinterface>, <snatip>, <login>, <account>, <url>, <severity>, <recipient>, <sender>, <bytesin>, <bytesout>, <useragent>, <domainimpacted>, <vendorinfo>, <threatname>, <subject>, <reason>, <objecttype>, <object>, <result>, <threatid>
V 2.0 : OS Exploits Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <login>, <severity>, <threatname>, <status>, <version>
V 2.0 : RAD Events | N/A | <vmid>, <dip>, <reason>, <vendorinfo>
V 2.0 : Security Gateway/Management Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <severity>, <vendorinfo>, <status>, <result>
V 2.0 : SmartConsole Events | N/A | <vmid>, <dip>, <dname>, <action>, <tag1>, <vendorinfo>, <login>, <sip>
V 2.0 : Smart Defense Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <account>, <recipient>, <sender>, <url>, <dname>, <sname>, <vendorinfo>, <threatname>, <severity>, <cve>
V 2.0 : SmartEvent Client Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <severity>, <vendorinfo>, <status>, <tag1>, <result>
V 2.0 : SmartView Events | N/A | <vmid>, <vendorinfo>, <login>, <action>, <sip>, <dip>
V 2.0 : Syslog Events | N/A | <vmid>, <dip>, <vendorinfo>, <severity>
V 2.0 : System Monitor Events | N/A | <vmid>, <dip>, <severity>, <vendorinfo>, <object>, <dname>, <subject>, <tag1>, <policy>
V 2.0 : Threat Emulation Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <snatip>, <url>, <severity>, <result>, <login>, <sname>, <sender>, <recipient>, <subject>, <account>, <useragent>, <object>, <objecttype>, <size>, <session>, <vendorinfo>, <hash>, <threatname>, <reason>
V 2.0 : Threat Extraction Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>, <url>, <severity>, <recipient>, <sender>, <threatname>, <subject>, <hash>, <object>, <objecttype>, <size>, <policy>
V 2.0 : URL Filtering Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <url>, <subject>, <sname>, <login>, <bytesout>, <bytesin>
V 2.0 : VPN-1 & FireWall-1 Events | N/A | <vmid>, <action>, <tag1>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <snatip>, <snatport>, <dnatip>, <dnatport>, <login>
V 2.0 : WEB_API | N/A | <vmid>, <action>, <vendorinfo>, <status>, <login>, <sip>, <object>, <objecttype>, <subject>
V 2.0 : WIFI Network Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <reason>, <subject>, <login>, <url>, <sname>, <severity>, <status>, <version>
V 2.0 : Zero Phishing Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <url>, <sname>, <login>, <severity>, <useragent>, <vendorinfo>, <threatname>, <policy>, <result>
V 2.0 : CloudGuard IaaS Events | N/A | <vmid>, <action>, <sip>, <sport>, <dip>, <dport>, <protnum>, <sinterface>, <reason>, <subject>, <login>, <url>, <severity>, <version>
V 2.0 : SmartDashboard Events | N/A | <vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version>
V 2.0 : Cpmidu_update_tool Events | N/A | <vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <domain>, <version>, <session>
 | N/A | <vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version>
V 2.0 : Web-UI Events | N/A | <vmid>, <sip>, <subject>, <status>, <login>, <object>, <objecttype>, <action>, <sinterface>, <version>

Revision History

KB Version | Log Type | Change Type | Details
N/A | N/A | Documentation | New LSO Default V 2.0 document update