When you configure Check Point Media Encryption and Port Protection (MEPP) to send log data to USM Appliance, you can use the checkpoint-mepp plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
Device | Details |
---|---|
Vendor | Check Point |
Device Type | Data protection |
Connection Type | Syslog |
Data Source Name | checkpoint-mepp |
Data Source ID | 1854 |
Integrating Check Point MEPP
Before you configure the Check Point Media Encryption and Port Protection (MEPP) integration, you must have the IP Address of the USM Appliance Sensor.
To configure Check Point MEPP to send Syslog messages to USM Appliance
- In the Smart Dashboard, click the Firewall tab.
- In the Servers and OPSEC Applications object tree, right-click and select Servers > New > Syslog.
- In the Syslog Properties window, enter or select:
  - Name (for example: AV-USM)
  - Optional comment
  - Host (IP Address/Hostname of USM Appliance)
  - Port (Default = 514)
  - Version (Syslog Protocol)
- In the Smart Dashboard, select Gateway Properties > Logs.
- In the Send logs and alerts to these log servers table, click the green button to add the Syslog server defined earlier.
- Click OK.
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
Sending Check Point Logs to a Syslog Server
For troubleshooting, refer to the vendor documentation:
Note: Subscription privileges are required to access the troubleshooting web link.