...
The full tag must have four levels. The first two are fixed as firewall.checkpoint. The third level identifies the tool used to forward the events. The fourth level is required, but you are free to define it as you like (we suggest using it to identify the location of the machine that is the event source, for example, dmz).
Technology | Brand | Tool | Group |
---|---|---|---|
firewall | checkpoint | fw | <group> |
firewall | checkpoint | gaia | <group> |
firewall | checkpoint | lea | <group> |
firewall | checkpoint | log_exporter | <group> |
firewall | checkpoint | gaia_system | <group> |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
---|---|
firewall.checkpoint.log_exporter.<group> | firewall.checkpoint.log_exporter |
firewall.checkpoint.gaia.<group> | firewall.checkpoint.gaia |
firewall.checkpoint.lea.<group> | firewall.checkpoint.lea |
firewall.checkpoint.fw.<group> | firewall.checkpoint.fw |
firewall.checkpoint.gaia_system.<group> | firewall.checkpoint.gaia_system |
These tags are designed to accommodate the different ways that the firewall events can be exported to Devo.
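The following Python check is an added example, not part of the Devo documentation or product code. It applies the four-level rule and the tag table above to a list of candidate tags and reports which data table each valid tag maps to. The function names and the sample tags are constructed for illustration.

```python
# Pre-flight check for Check Point tags before they go into a forwarder config.
# Rules taken from the tables above; names below are hypothetical helpers.
FIXED_PREFIX = ("firewall", "checkpoint")
TOOLS = {"fw", "gaia", "lea", "log_exporter", "gaia_system"}


def data_table_for(tag):
    """Return the destination data table for a valid tag, else raise ValueError."""
    levels = tag.split(".")
    if len(levels) != 4:
        raise ValueError(f"expected 4 levels, got {len(levels)}")
    if tuple(levels[:2]) != FIXED_PREFIX:
        raise ValueError("first two levels must be firewall.checkpoint")
    tool, group = levels[2], levels[3]
    if tool not in TOOLS:
        raise ValueError(f"unknown tool level {tool!r}")
    if not group:
        raise ValueError("fourth level (group) is required")
    # The data table is the tag without its free-form fourth level.
    return ".".join(levels[:3])


def lint_tags(tags):
    """Split tags into {data_table: [tags]} and {bad_tag: reason}."""
    routed, rejected = {}, {}
    for tag in tags:
        try:
            routed.setdefault(data_table_for(tag), []).append(tag)
        except ValueError as exc:
            rejected[tag] = str(exc)
    return routed, rejected


# Constructed sample input: tags as they might appear in forwarding rules.
SAMPLE_TAGS = [
    "firewall.checkpoint.log_exporter.dmz",
    "firewall.checkpoint.log_exporter.branch01",
    "firewall.checkpoint.gaia_system.dmz",
    "firewall.checkpoint.fw",            # group level missing
    "firewall.checkpoint.lea.",          # group level present but empty
    "firewall.checkpoint.syslog.dmz",    # tool not in the table above
    "firewall.checkpoint.fw.dmz.extra",  # too many levels
]

if __name__ == "__main__":
    routed, rejected = lint_tags(SAMPLE_TAGS)
    for table, tags in routed.items():
        print(f"{table} <- {', '.join(tags)}")
    for tag, reason in rejected.items():
        print(f"REJECT {tag!r}: {reason}")
```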
...