Log Source Name |
The identifier for the log source. |
Log Source Description |
The description is optional. |
Log Source Type |
Select Check Point FireWall-1. |
Protocol Configuration |
Select OPSEC/LEA. |
Log Source Identifier |
IP address of your SMS. |
Server IP |
Type the IP address of your SMS. |
Server Port |
Use port 18184. |
Use Server IP for Log Source |
Do not select this checkbox. |
Statistics Report Interval |
Default of 600. |
Authentication Type |
From the list, select sslca. |
OPSEC Application Object SIC Attribute (SIC Name) |
From the Check Point SmartDashboard, click .
Select the OPSEC application that has the client entity property of LEA, and click Edit.
Copy and paste the entry from the DN field into the OPSEC Application Object SIC Attribute (SIC Name) field. |
Log Source SIC Attribute (Entity SIC Name) |
Use the entry that you entered in the OPSEC Application Object SIC Attribute (SIC Name) field, remove the text from the CN= property value, and make the following edit: for the CN= property value, use cp_mgmt.
The following examples show an OPSEC Application DN and OPSEC Application Host, which are used to create the Entity SIC Name:
OPSEC Application DN: CN=cpsmsxxx,O=svxxx-CPSMS..bsaobx
OPSEC Application Host: Srvxxx-SMS
Use text from the OPSEC Application DN and the OPSEC Application Host to form the Entity SIC Name:
CN=cp_mgmt,O=svxxx-CPSMS..bsaobx
The Entity SIC Name in this configuration is based on a Gateway to Management Server setup. If your SMS address is not used as a gateway, use the Management Server configuration for the Entity SIC Name, which is represented by the following text:
CN=cp_mgmt,O=<take_O_value_from_DN_field> |
Specify Certificate |
Don't select this checkbox. |
Certificate Authority IP |
Type the IP address of the SMS. |
Pull Certificate Password |
The password that you specified for the OPSEC Applications
Properties in the One-time password field of the
Communication window. |
OPSEC Application |
The name that you specified in the Name field from the
OPSEC Applications Properties. |
Enabled |
Select this checkbox to enable the log source. By default, the checkbox is
selected. |
Credibility |
The range is 0 - 10. The credibility indicates the integrity of an event or
offense as determined by the credibility rating from the source devices. Credibility increases when
multiple sources report the same event. The default is 5. |
Target Event Collector |
From the list, select the Target Event Collector to
use as the target for the log source. |
Coalescing Events |
Enables the log source to coalesce (bundle) events. By default, automatically
discovered log sources inherit the value of the
Coalescing Events list from the
System Settings properties in JSA. When you create a log
source or edit an existing configuration, you can override
the default value by configuring this option for each log
source. |
Store Event Payload |
Enables the log source to store event payload information. By default,
automatically discovered log sources inherit the value of
the Store Event Payload list from the
System Settings properties in JSA. When you create a log
source or edit an existing configuration, you can override
the default value by configuring this option for each log
source. |
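
The Entity SIC Name rule from the Log Source SIC Attribute row (CN= becomes cp_mgmt, O= is taken unchanged from the DN field) can be checked before the log source is saved. The following Python helper is an added example, not part of the product or of the original documentation; the function names are hypothetical, and it assumes the DN contains exactly one CN= and one O= component.

```python
import re

# Assumption: commas inside a value, if any, are backslash-escaped.
_RDN_SPLIT = re.compile(r'(?<!\\),')

def parse_dn(dn):
    """Return the DN as an ordered list of (attribute, value) pairs."""
    pairs = []
    for rdn in _RDN_SPLIT.split(dn.strip()):
        attr, sep, value = rdn.partition('=')
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component in DN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def entity_sic_name(application_dn):
    """Derive the Entity SIC Name: CN becomes cp_mgmt, O is kept from the DN."""
    pairs = parse_dn(application_dn)
    attrs = [a for a, _ in pairs]
    if attrs.count('CN') != 1 or attrs.count('O') != 1:
        raise ValueError("expected exactly one CN= and one O= in the DN field")
    return f"CN=cp_mgmt,O={dict(pairs)['O']}"

def check_pair(sic_name, entity_name):
    """List mismatches between the two SIC fields of the log source."""
    problems = []
    app, ent = dict(parse_dn(sic_name)), dict(parse_dn(entity_name))
    if ent.get('CN') != 'cp_mgmt':
        problems.append("Entity SIC Name CN is not cp_mgmt")
    if app.get('O') != ent.get('O'):
        problems.append("O= values differ between the two fields")
    if app.get('CN') == ent.get('CN'):
        problems.append("Entity SIC Name still carries the application CN")
    return problems

if __name__ == "__main__":
    dn = "CN=cpsmsxxx,O=svxxx-CPSMS..bsaobx"  # sample DN from the table above
    print(entity_sic_name(dn))
    print(check_pair(dn, dn))  # DN pasted unchanged into both fields
```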