Checkpoint Firewall syslog configuration?

David Broggy 5,986 Reputation points MVP
2022-10-05T14:17:24.313+00:00

Hi there,
Has anyone recently configured Checkpoint Firewalls to log to Sentinel via syslog?
I'm getting 'max length exceeded'
I'm not sure if there are recommendations on a way to reduce the fields in the logs or if there's some other issue that I can configure in rsyslog.
Thanks for your help.


2 answers

  1. David Broggy 5,986 Reputation points MVP
    2022-11-03T13:55:37.393+00:00

    Hi Givary,
    The problem was that the client was adding too many of the available fields to the logging policy on the Checkpoint side.
    Once he backed it off to the recommended fields, all was OK.


  2. Givary-MSFT 34,101 Reputation points Microsoft Employee
    2022-11-04T03:32:26.043+00:00

    @David Broggy

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Answered by David (@David Broggy):

    The problem was that the client was adding too many of the available fields to the logging policy on the Checkpoint side.
    Once he backed it off to the recommended fields, all was OK.
