Adding an LEA Server

To collect log data from a Check Point log source, you must define an LEA server on the appliance.

You can define an LEA Server on the appliance from Management > Check Point > LEA Servers. This lets you collect log data from that Check Point log source.

If the firewall or interface for this LEA server is on a separate Check Point log source, use the Firewalls or Interfaces tabs instead of the Add Firewalls & Interfaces section in step 7.

Procedure

  1. Type the Name for the LEA server.
  2. Select an Agent Mode to define how the LEA server starts. The default is Automatic, to ensure that the Check Point connection is established during system boot up.
  3. Make sure that Enable Data Collection is set to Yes.
  4. (Optional) Type a Description for the LEA server.
  5. Establish Secure Internal Communication (SIC):
    1. Select the Establish Secure Internal Communication check box.
    2. Enter the Check Point server SIC IP address.
    3. Enter the Activation Key for the OPSEC Application on the Check Point log source.
    4. Enter the OPSEC Application Name for the application on the Check Point log source.
    5. Set up the SSL connection to the LEA server:
    6. Select the SSL Connection to LEA Server check box to enable it.
    7. Type the LEA IP address for the LEA server.
    8. Type the LEA Port number for the LEA server.
    9. Type the LEA Server DN (domain name).
  6. If the firewall and interface are on the same Check Point log source as the LEA server, configure them.
    If they are on separate Check Point log sources, after adding this LEA server, use the Firewalls or Interfaces tabs instead.
    1. Select the appropriate Add Firewalls & Interfaces radio button:
      • CPMI Auto Discovery - Automatically detects any Check Point Management Interface (CPMI) log sources connected to your system.
      • Manual Input - Lets you manually input each CPMI log source
    2. Type the CPMI IP address.
    3. Type the CPMI Port number.
    4. Type the Check Point User Name. You must create an Administrator account in your Check Point application before you can use that ID for the Check Point User Name field on the LogLogic appliance.
    5. Type the Check Point User Password. You must create an Administrator account in your Check Point application before you can use that password for the Check Point User Password field on the LogLogic appliance.
    6. Select SSL Connection to CPMI Server to enable the SSL connection to your CPMI server.
    7. Type the CPMI Server DN (domain name).
  7. Click Add to add the LEA server. The new server definition is automatically propagated to the downstream syslog receivers.