Log file setup for Check Point Syslog in Cyfin
In order to set up Check Point Syslog firewall logs in Cyfin, you must first get the CPLogToSyslog utility. Contact Check Point Support to request the hotfix that contains the utility. If you are running Check Point R77.30, the utility may not be needed. Confirm with Check Point Support. The utility gives Check Point the ability to port the syslog data from the firewall to a specified IP address and port. You will want to forward the “URL filtering” logs from Check Point to the Cyfin syslog server.
Once the CPLogToSyslog utility is installed, Check Point must be configured to have the syslog data pointed to an IP address and port. These will point to the Cyfin server’s IP address and port of choice (default port is UDP 514 for syslog). Once this part is completed in Check Point, you can then open Cyfin, go to Data Management – Log Data Source – Setup, and run through the Log Data Source Setup wizard. Select the Check Point Syslog log file type and the same port you chose in the Check Point setup.
Upon completing the Log Data Source Setup wizard, you should start to see data in the file “SyslogXXXXXXX.txt” in the log file directory that you chose in the wizard.