Checkpoint Firewall syslog configuration?
Hi there,
Has anyone recently configured Checkpoint Firewalls to log to Sentinel via syslog?
I'm getting 'max length exceeded'.
I'm not sure if there are recommendations on a way to reduce the fields in the logs or if there's some other issue that I can configure in rsyslog.
Thanks for your help.
2 answers
David Broggy 5,986 Reputation points MVP
2022-11-03T13:55:37.393+00:00
Hi Givary,
The problem was the client was adding too many of the available fields to the logging policy on the Checkpoint side.
Once he backed it off to the recommended fields all was ok.
Givary-MSFT 34,101 Reputation points Microsoft Employee
2022-11-04T03:32:26.043+00:00
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.
Answered by David (@David Broggy):
The problem was the client was adding too many of the available fields to the logging policy on the Checkpoint side.
Once he backed it off to the recommended fields all was ok.