Configuring the Check Point Log Source

SUMMARY Configure the log source in JSA to get a certificate from Check Point and to receive log information.

  1. Log in to JSA.
  2. On the navigation menu, click Admin.
  3. Click Data Sources.
  4. Click the Log Sources icon, and then click Add.
  5. Configure the following values:
    Table 1: Configuring Check Point log source parameters

    Parameter: Description

    Log Source Name: The identifier for the log source.

    Log Source Description: The description is optional.

    Log Source Type: Select Check Point FireWall-1.

    Protocol Configuration: Select OPSEC/LEA.

    Log Source Identifier: IP address of your SMS.

    Server IP: Type the IP address of your SMS.

    Server Port: Use port 18184.

    Use Server IP for Log Source: Do not select this checkbox.

    Statistics Report Interval: Default of 600.

    Authentication Type: From the list, select sslca.

    OPSEC Application Object SIC Attribute (SIC Name):

        From the Check Point SmartDashboard, click Manage > Servers and OPSEC Applications.

        Select the OPSEC application that has the client entity property of LEA, and click Edit.

        Copy and paste the entry from the DN field into the OPSEC Application Object SIC Attribute (SIC Name) field.

    Log Source SIC Attribute (Entity SIC Name):

        Use the entry that you entered in the OPSEC Application Object SIC Attribute (SIC Name) field, remove the text from the CN= property value, and make the following edits:

        For the CN= property value, use cp_mgmt.

        The following examples show an OPSEC Application DN and OPSEC Application Host, which is used to create the Entity SIC Name:

        OPSEC Application DN: CN=cpsmsxxx,O=svxxx-CPSMS..bsaobx

        OPSEC Application Host: Srvxxx-SMS

        Use text from the OPSEC Application DN and the OPSEC Application Host to form the Entity SIC Name:

        CN=cp_mgmt,O=svxxx-CPSMS..bsaobx

        The Entity SIC Name in this configuration is based on a Gateway to Management Server setup. If your SMS address is not used as a gateway, use the Management Server configuration for the Entity SIC Name, which is represented by the following text:

        CN=cp_mgmt,O=<take_O_value_from_DN_field>

    Specify Certificate: Don't select this checkbox.

    Certificate Authority IP: Type the IP address of the SMS.

    Pull Certificate Password: The password that you specified for the OPSEC Applications Properties in the One-time password field of the Communication window.

    OPSEC Application: The name that you specified in the Name field from the OPSEC Applications Properties.

    Enabled: Select this checkbox to enable the log source. By default, the checkbox is selected.

    Credibility: The range is 0 - 10. The credibility indicates the integrity of an event or offense as determined by the credibility rating from the source devices. Credibility increases when multiple sources report the same event. The default is 5.

    Target Event Collector: From the list, select the Target Event Collector to use as the target for the log source.

    Coalescing Events: Enables the log source to coalesce (bundle) events. By default, automatically discovered log sources inherit the value of the Coalescing Events list from the System Settings properties in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.

    Store Event Payload: Enables the log source to store event payload information. By default, automatically discovered log sources inherit the value of the Store Event Payload list from the System Settings properties in JSA. When you create a log source or edit an existing configuration, you can override the default value by configuring this option for each log source.
  6. Click Save.
  7. On the Admin tab, click Deploy Changes.

If you find that changes are implemented automatically, it's still good practice to click Deploy Changes.

Check that trust is established for the OPSEC application that has the client entity property of LEA, by viewing Trust State in the Communication window of OPSEC Application Properties.

The configuration of the log source is complete.

For more information about configuring log sources, see the Juniper Secure Analytics Configuring DSMs Guide.
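
The Entity SIC Name derivation from Table 1 can be checked before the values are typed into JSA. The following is an added example, not part of the original page or of any Juniper or Check Point tool: it derives CN=cp_mgmt,O=<O value> from the OPSEC Application DN and compares a planned set of values against the fixed settings in the table. The dictionary key names are hypothetical labels, and the DN is assumed to be a simple comma-separated string with no escaped commas.

```python
MGMT_CN = "cp_mgmt"  # CN value the page prescribes for the Entity SIC Name
# Fixed values from Table 1; key names are hypothetical labels, not JSA API fields.
EXPECTED = {"server_port": 18184, "authentication_type": "sslca",
            "use_server_ip_for_log_source": False, "specify_certificate": False}


def parse_dn(dn):
    """Split a simple DN such as 'CN=x,O=y' into {KEY: value}; keys are upper-cased."""
    attrs = {}
    for part in dn.strip().split(","):
        key, sep, value = part.partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        attrs[key.strip().upper()] = value.strip()
    return attrs


def entity_sic_name(app_dn):
    """Return CN=cp_mgmt,O=<O value taken from the OPSEC Application DN>."""
    attrs = parse_dn(app_dn)
    if "CN" not in attrs or "O" not in attrs:
        raise ValueError("OPSEC Application DN needs both CN= and O=")
    return f"CN={MGMT_CN},O={attrs['O']}"


def check_log_source(params):
    """List deviations from Table 1; an empty list means the values are consistent."""
    problems = [f"{key} should be {want!r}"
                for key, want in EXPECTED.items() if params.get(key) != want]
    try:
        expected = entity_sic_name(params.get("sic_name", ""))
    except ValueError as exc:
        problems.append(f"SIC Name: {exc}")
    else:
        # Compared against the exact form shown on the page, spacing included.
        if params.get("entity_sic_name") != expected:
            problems.append(f"Entity SIC Name should be {expected}")
    return problems


# Constructed sample values, using the placeholder DN from the page.
SAMPLE = {**EXPECTED,
          "sic_name": "CN=cpsmsxxx,O=svxxx-CPSMS..bsaobx",
          "entity_sic_name": "CN=cp_mgmt,O=svxxx-CPSMS..bsaobx"}

if __name__ == "__main__":
    print(check_log_source(SAMPLE) or "values match Table 1")
```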