IBM QRadar


Check Point Log Export Detailed Audit Logs

    Posted Sat September 16, 2023 04:32 PM

    Hi all,

    I want to collect Check Point logs in QRadar by the log export method, but in the audit logs I cannot see detailed logs. For instance, we can see Policy change/modification events, but we cannot see what was done in the modification. I thought that QRadar cannot change the collected logs, but the Check Point admin claims the same issue was come across before and another QRadar admin solved it by doing something on QRadar. Check Point is version R81 and QRadar is 7.5.0 UP4.

    I thought that maybe Check Point is sending the details in the following logs, but I couldn't see any logs with details of these changes. I increased the TCP payload size, but nothing changed.

    Log_export is sending logs with semi-unified configuration.

    Is there a way to solve this issue on QRadar by doing something?

    Thank you so much for your valuable help.



    ------------------------------
    İsmail Kaya
    ------------------------------