Device Integration: Checkpoint Firewall-1



Similar documents
Device Integration: CyberGuard SG565

How to send s triggered by events

Device Integration: Cisco Wireless LAN Controller (WLC)

Device Integration: Citrix NetScaler

Monitoring VMware ESX Virtual Switches

AlienVault. Unified Security Management 5.x Configuration Backup and Restore

AlienVault. Unified Security Management 5.x Configuring a VPN Environment

Deploying HIDS Client to Windows Hosts

AlienVault Unified Security Management Solution Complete. Simple. Affordable Life Cycle of a log

AlienVault Unified Security Management (USM) x. Configuring High Availability (HA)

How to configure High Availability (HA) in AlienVault USM (for versions 4.14 and prior)

SYSTEM BACKUP AND RESTORE (AlienVault USM 4.8+)

AlienVault. Unified Security Management x Offline Update and Software Restoration Procedures

Suricata IDS. What is it and how to enable it

AlienVault. Unified Security Management (USM) 5.1 Running the Getting Started Wizard

AlienVault Offline Key Activation

AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts

How to enable File Integrity Monitoring (FIM)

Module 1: Overview. Module 2: AlienVault USM Solution Deployment. Module 3: AlienVault USM Basic Configuration

Assets, Groups & Networks

RSA Event Source Configuration Guide. McAfee Firewall Enterprise

1Checkpoint. 2How Logtrust. Check Point is a firewall network that offers solutions. Logtrust offers to Check Point firewall Networks

AlienVault Unified Security Management (USM) 4.x-5.x. Deployment Planning Guide

User Management Guide

The SIEM Evaluator s Guide

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals

Cisco Setting Up PIX Syslog

SOA Software API Gateway Appliance 7.1.x Administration Guide

AlienVault. Unified Security Management (USM) x Initial Setup Guide

Security Correlation Server Quick Installation Guide

Monitor Print Popup for Mac. Product Manual.

Browser Client 2.0 Admin Guide

WMI Collecting Windows Logs

Using Symantec NetBackup with Symantec Security Information Manager 4.5

Intrusion Detection in AlienVault

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

RSA Event Source Configuration Guide. RSA Data Loss Prevention Suite

Propalms TSE Quickstart Guide

Unified Security Management (USM) 5.2 Vulnerability Assessment Guide

Web Application Firewall

Installing Kaspersky Security Center 10.0 on Microsoft Windows Server 2012 Core Mode

FUJITSU Cloud IaaS Trusted Public S5 Setup and Configure yum Software Package Manager with CentOS 5.X/6.X VMs

Security Correlation Server Quick Installation Guide

Configuring LocalDirector Syslog

Volume SYSLOG JUNCTION. User s Guide. User s Guide

Knowledge Base Articles

RSA Authentication Manager

EVENT LOG MANAGEMENT...

How To Upgrade A Websense Log Server On A Windows 7.6 On A Powerbook (Windows) On A Thumbdrive Or Ipad (Windows 7.5) On An Ubuntu (Windows 8) Or Windows

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

To read more Linux Journal or start your subscription, please visit

System Area Management Software Tool Tip: Integrating into NetIQ AppManager

Customer Tips. Configuring Color Access on the WorkCentre 7328/7335/7345 using Windows Active Directory. for the user. Overview

CUCM 9.x Configuration Manual for Arc Premium

Spector 360 Deployment Guide. Version 7

Trend Micro PC-cillin Internet Security 2006

F-SECURE MESSAGING SECURITY GATEWAY

High Availability for VMware GSX Server

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Configuring MailArchiva with Insight Server

EMC Data Domain Management Center

NetSpective Logon Agent Guide for NetAuditor

SecureAnywhereTM Web Security Service

pcanywhere Advanced Configuration Guide

Integration Module for BMC Remedy Helpdesk

Virtual CD v10. Network Management Server Manual. H+H Software GmbH

defacto installation guide

Linko Software Express Edition Typical Installation Guide

WatchGuard Dimension v1.1 Update 1 Release Notes

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

EMC VNX Version 8.1 Configuring and Using the Audit Tool on VNX for File P/N Rev 01 August, 2013

Scheduling in SAS 9.3

Moving the TRITON Reporting Databases

EMC VoyenceControl Integration Module. BMC Atrium Configuration Management Data Base (CMDB) Guide. version P/N REV A01

Install Cacti Network Monitoring Tool on CentOS 6.4 / RHEL 6.4 / Scientific Linux 6.4

Unified Security Management and Open Threat Exchange

Configuring Color Access on the WorkCentre 7120 Using Microsoft Active Directory Customer Tip

Scan to Quick Setup Guide

How to monitor AD security with MOM

Deep Freeze Enterprise - Advanced Maintenance & Autologon

SETTING UP ACTIVE DIRECTORY (AD) ON WINDOWS 2008 FOR EROOM

Red Condor Syslog Server Configurations

Getting Started with StoreGrid Cloud

Changing Your Cameleon Server IP

VMware vcenter Support Assistant 5.1.1

Historical Reporting Client (HRC) User Login Fails

Uptime Infrastructure Monitor. Installation Guide

Technical Paper. Defining an ODBC Library in SAS 9.2 Management Console Using Microsoft Windows NT Authentication

Use Enterprise SSO as the Credential Server for Protected Sites

Automating client deployment

NetSupport DNA Configuration of Microsoft SQL Server Express

How to Restore a Windows System to Bare Metal

A CrossTec Corporation. Instructional Setup Guide. Activeworx Security Center Quick Install Guide

Setting Up a Backup Domain Controller

CommandCenter Secure Gateway

Netflow Collection with AlienVault Alienvault 2013

Transcription:

Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved.

AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat Exchange, AlienVault OTX Reputation Monitor, AlienVault OTX Reputation Monitor Alert, AlienVault OSSIM and OSSIM are trademarks or service marks of AlienVault.

CONTENTS 1. INTRODUCTION... 4 2. CHECKPOINT FIREWALL-1 DATA INFORMATION... 4 3. CONFIGURING FW-1 TO SEND DATA TO ALIENVAULT THROUGH SYSLOG... 4 4. HOW TO ENABLE THIS PLUGIN... 6 DC-00139 Edition 01 Copyright 2014 AlienVault. All rights reserved. Page 3 of 6

1. INTRODUCTION The objective of this document is to explain how to configure a Checkpoint Firewall-1 device to send log data to AlienVault USM. This document is related to the AlienVault document Data Source Plugin Management. The explanation about how to enable plugins can be found in that document. 2. CHECKPOINT FIREWALL-1 DATA INFORMATION Device Name Device Vendor Device Type Data Source Name Connection Type Firewall-1 Checkpoint Firewall fw1-alt Syslog Data Source ID 1504 3. CONFIGURING FW-1 TO SEND DATA TO ALIENVAULT THROUGH SYSLOG 1 This procedure is not supported on Provider-1 / Multi-Domain Server. The following instructions must be done on the Check Point appliance: 1. Backup the current /etc/syslog.conf script: 1 These instructions are being copied from Check Point Solution ID: sk33423 DC-00139 Edition 01 Copyright 2014 AlienVault. All rights reserved. Page 4 of 6

cp /etc/syslog.conf /etc/syslog.conf_original 2. Edit the current /etc/syslog.conf script: vi /etc/syslog.conf 3. Add the following line: local4.info @IP_Address_of_External_Syslog_Server It is necessary to enter a TAB after the 'local4.info'. 4. Save the changes in the /etc/syslog.conf file and exit from VI editor. 5. Backup the current /etc/rc.d/init.d/cpboot script: cp /etc/rc.d/init.d/cpboot /etc/rc.d/init.d/cpboot_original 6. Edit the current /etc/rc.d/init.d/cpboot script: vi /etc/rc.d/init.d/cpboot 7. Add the following line at the very bottom: fw log -f -t -n -l 2> /dev/null awk 'NF' logger p local4.info -t CP_FireWall & The '&' character at the end of a command's syntax ensures that this command runs in the background. If the '&' character is not included in the command, the OS would stop at loading the syslogd service, and you never get a login prompt at the console. For flags available for 'fw log', run: DC-00139 Edition 01 Copyright 2014 AlienVault. All rights reserved. Page 5 of 6

fw log --help In our example: -f - Only in case of active log file - Upon reaching the end of file, wait for new records and print them as well. -n - No IP resolving. The default is to resolve all IPs. -l - Show date and time per log record. The default is to show the date above the relevant records, and then the time per log record. For flags available for 'logger', refer to logger manual page. 8. Save the changes in the /etc/rc.d/init.d/cpboot file and exit from VI editor. 9. Reboot the machine. Restarting the Check Point services with cpstop;;cpstart command is not enough to make this work. 4. HOW TO ENABLE THIS PLUGIN This plugin is already configured, but it is necessary to enable it, through command line console or through the web interface. It is needed to enable the fw1-alt plugin. The instructions about how to enable this plugin can be found in the AlienVault document Data Source Plugin Management. DC-00139 Edition 01 Copyright 2014 AlienVault. All rights reserved. Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information