I'm very new to Check Point and syslog, but one of the first things I am trying to do is get rule activity logs over to Splunk via syslog-ng. Our CP talks a lot, and I want to see if there is a way to reduce the data that is sent via log exporter to syslog. I currently see it sending 42 fields, but if I wanted to send less, is there a way for log exporter to filter out the ones I do not want, or just specify the ones I want?
Alternatively, and what seems to me would be far more complicated, can syslog-ng filter out unwanted pieces on its end?
The overall goal here is to have less indexed by Splunk so I do not have to expand licensing to index information I simply don't need.
Thanks!
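The syslog-ng side of the question, as an added example that is not part of the original post and not Check Point's or syslog-ng's own documentation: a configuration that receives Log Exporter events as space-separated `key=value` pairs, parses them into name-value pairs, and forwards only the fields you actually want indexed. Everything specific here is an assumption: the `key=value` layout (adjust `value-separator`/`pair-separator` if your Log Exporter format differs), the field names (`action`, `rule_name`, `src`, `dst`, `service`, `loguid`, `sequencenum`), the listening port, and the Splunk host name, which is a placeholder.

```conf
# Added example, not from the original post. Assumed: Log Exporter emits
# "key=value" pairs separated by spaces; field names and hosts are illustrative.
@version: 3.38
@include "scl.conf"

# Receive from Check Point Log Exporter (port is an assumption).
source s_checkpoint {
    network(ip("0.0.0.0") port(5514) transport("tcp"));
};

# Split "key=value" pairs into name-value pairs under the ".cp." prefix.
parser p_cp_kv {
    kv-parser(prefix(".cp.") value-separator("=") pair-separator(" "));
};

# Option A, deny-list: remove individual fields you never want downstream.
# Field names here are assumptions; substitute the noisy ones from your 42.
rewrite r_drop_noise {
    unset(value(".cp.loguid"));
    unset(value(".cp.sequencenum"));
};

# Option B, allow-list: rebuild the outgoing message from chosen fields only.
# Only what this template renders is sent, so Splunk never sees the rest.
template t_splunk_minimal {
    template("<${PRI}>1 ${ISODATE} ${HOST} checkpoint - - - action=${.cp.action} rule_name=\"${.cp.rule_name}\" src=${.cp.src} dst=${.cp.dst} service=${.cp.service}\n");
};

# Forward to Splunk's syslog listener (host and port are placeholders).
destination d_splunk {
    network("splunk.example.internal" port(5514) transport("tcp")
            template(t_splunk_minimal));
};

log {
    source(s_checkpoint);
    parser(p_cp_kv);
    rewrite(r_drop_noise);
    destination(d_splunk);
};
```

For the licensing goal in the post, Option B is the one that matters: the bytes Splunk indexes are exactly the template output, so an allow-list template bounds the volume regardless of how many fields Log Exporter emits. Option A only trims named fields and would need a template that re-emits all remaining `.cp.*` values to have any effect on what is sent. Validate with `syslog-ng --syntax-only -f <file>` before reloading, and confirm the parsed fields with a test event before cutting over, since a mismatched separator makes `kv-parser()` leave every value empty.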