46. Check Point
The im_checkpoint module, provided by NXLog Enterprise Edition, can collect logs from Check Point devices over the OPSEC LEA protocol.
Example 206. Collecting Check Point LEA Logs
With the following configuration, NXLog will collect logs from Check Point devices over the LEA protocol and write them to file in JSON format.
nxlog.conf ![[Download file]](images/icons/download_icon.png "Download file")
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<Extension _json>
Module xm_json
</Extension>
<Input checkpoint>
Module im_checkpoint
Command /opt/nxlog/bin/nx-im-checkpoint
LEAConfigFile /opt/nxlog/etc/lea.conf
</Input>
<Output file>
Module om_file
File 'tmp/output'
Exec $raw_event = to_json();
</Output>
<Route checkpoint_to_file>
Path checkpoint => file
</Route>