For a CheckPoint device, first make sure that your version has CheckPoint Log Export installed. The latest versions of CheckPoint Security Gateways (80.40 and above) already have Log Export integrated in the software, some versions (80.10 to 80.30) need the latest Jumbo Hotfix Accumulator installed, and some (77.10 to 77.30) need a dedicated patch.
Once you are sure that CheckPoint Log Export is available on your system, only a few steps are needed to get it running with Logmanager.
1. Create a new CheckPoint Log Export target, replacing the target-server IP with your Logmanager IP address:
    cp_log_export add name Logmanager target-server 192.0.2.10 target-port 514 protocol tcp format generic
2. Enable the target:
    cp_log_export set name Logmanager enabled true
3. Restart the CheckPoint Log Export service:
    cp_log_export restart name Logmanager
Here is the screenshot from CheckPoint expert console of configuration steps 1-3 in CheckPoint Secure Gateway version 80.40:
CheckPoint expert console of configuration steps
To review the CheckPoint log exporter configuration, run the command cp_log_export show
Review CheckPoint log exporter configuration
On the Logmanager, add the proper classification to point the incoming logs from the CheckPoint source IP to the Logmanager CheckPoint parser. Save the edited classifier or classifier template.
Adding the proper classification
Wait a minute, then check the Logmanager dashboards for CheckPoint to see whether they are filling with correct data.
CheckPoint logging via TLS syslog
For a CheckPoint device, you first need to install the Log Exporter extension in your Gaia installation to enable syslog messaging.
After you install the extension, follow these steps:
For encrypted communication, you first need to provide a public CA certificate in .pem format and create a client certificate in .p12 format (containing the certificate and a private key).
These certificates must be uploaded to your Gaia installation (e.g. using WinSCP), into a folder created for them.
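A check of the certificate material described above, run before uploading it, as an added example that is not part of the Logmanager or CheckPoint documentation. It assumes OpenSSL on the machine where the certificates are prepared, a hypothetical P12_PASS environment variable holding the .p12 password, and a client certificate issued directly by the CA in the .pem file.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: OpenSSL is installed where the
# certificates are prepared, the .p12 password is exported as P12_PASS, and
# the client certificate is issued directly by the CA in the .pem file.
# Usage: P12_PASS=... sh check_tls_material.sh ca.pem client.p12

check_tls_material() {
    ca=$1; p12=$2; rc=0
    tmp=$(mktemp -d) || return 1       # private scratch directory (mode 0700)

    # 1. The CA file must be a PEM-encoded X.509 certificate, not DER.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null ||
       ! openssl x509 -in "$ca" -noout 2>/dev/null; then
        echo "FAIL: $ca is not a PEM certificate" >&2; rc=2
    # 2. The .p12 must open with the supplied password.
    elif ! openssl pkcs12 -in "$p12" -passin env:P12_PASS -noout 2>/dev/null; then
        echo "FAIL: cannot open $p12 (wrong password or not PKCS#12)" >&2; rc=3
    else
        # Extract key and client certificate into the scratch directory.
        openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
            -out "$tmp/key.pem" 2>/dev/null || :
        openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
            -out "$tmp/cert.pem" 2>/dev/null || :
        cert_pub=$(openssl x509 -in "$tmp/cert.pem" -noout -pubkey 2>/dev/null) || :
        key_pub=$(openssl pkey -in "$tmp/key.pem" -pubout 2>/dev/null) || :
        # 3. The bundle must carry a private key, not only certificates.
        if ! grep -q 'PRIVATE KEY' "$tmp/key.pem" 2>/dev/null; then
            echo "FAIL: $p12 contains no private key" >&2; rc=4
        # 4. Key and client certificate must share the same public key.
        elif [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            echo "FAIL: private key does not match the certificate" >&2; rc=5
        # 5. The client certificate must verify against the CA file.
        elif ! openssl verify -CAfile "$ca" "$tmp/cert.pem" >/dev/null 2>&1; then
            echo "FAIL: client certificate does not chain to $ca" >&2; rc=6
        else
            echo "OK: $ca and $p12 are consistent"
        fi
    fi
    rm -rf "$tmp"                      # do not leave the extracted key behind
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_tls_material "$1" "$2"; fi
```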