Log Collection Check Point: Step 4: Verify That Check Point Collection Is Working

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1

This topic tells you what to check in Security Analytics to verify that you have configured Check Point Collection correctly.

You may need to verify that Check Point Collection is configured correctly; otherwise, it will not work.

To verify that Check Point collection is working from the Administration > Health & Wellness > Event Source Monitoring tab:

  1. Access the Event Source Monitoring tab from the Administration > Health & Wellness view.
  2. Find checkpointfw1 in the EventSource Type column.
  3. Look for activity in the Count column to verify that Check Point collection is accepting events.

To verify that Check Point collection is working from the Investigation > Events view:

  1. In the Security Analytics menu, access the Investigation > Events view.
  2. Select the Log Decoder (for example, LD1) collecting Check Point events in the Investigate a Device dialog.
  3. Look for a Check Point event source parser (for example, checkpointfw1) in the device.type field in the Details column to verify that Check Point collection is accepting events.