Highlighted
álvarogarcía1 Absent Member.
Absent Member.
512 views

Parser for some events Check Point

Hi,

I have created a parser for some kind of CheckPoint events because it was not mapping correctly. However i am not sure where i have to locate CheckPointVPN.sdkrfilereader.properties and what i have to add in agent.properties.

What i want is parse this kind of events only, cause the others are parsing correctly.

Please, could someone tell me how to do that?.

Thanks in advance,

Álvaro

Labels (5)
0 Likes
4 Replies
davidelka1 Respected Contributor.
Respected Contributor.

Re: Parser for some events Check Point

hello , 

someon can help me ? i need the parser: CheckPointVPN.sdkrfilereader.properties for checkpoint / Coonectra ? 

 

thank you

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Parser for some events Check Point

There is quite a few additions to the Checkpoint parsers in the newest 7.9.x release, i would recommend trying that first

-----------------------------------------------------------------------------------------
All topics and replies made is based on my personal opinion, viewpoint and experience, it does not represent the viewpoints of MicroFocus.
All replies is based on best effort, and can not be taken as official support replies.
//Marius
0 Likes
davidelka1 Respected Contributor.
Respected Contributor.

Re: Parser for some events Check Point

Hello ,

I installed 7.9 and check syslog deamon (udp ) , same ....   All info's is showed on the raw data. i need write regex parser . 

Maybe do you have some regex parser ? 

 

thank you 

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Parser for some events Check Point

Do you mean that nothing is parsed at all? Or that certain values are not populating?

Checkpoint per default has over 200 unmapped fields, try to right click the connector, send command, and "get unmapped fields".

This will show you what fields you have available, and you can either map then just with a mapping file, or map them in ESM directly, forwarding the settings to the connector.

-----------------------------------------------------------------------------------------
All topics and replies made is based on my personal opinion, viewpoint and experience, it does not represent the viewpoints of MicroFocus.
All replies is based on best effort, and can not be taken as official support replies.
//Marius
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.