This topic tells you what to check in Security Analytics to verify that you have configured Check Point Collection correctly.
Return to Procedures
You may need to verify that Check Point Collection is configured correctly, otherwise it won't work.
The following figure illustrates how you can verify that Check Point collection is working from the Administration > Health & Wellness > Event Source Monitoring tab.
Access the Event Source Monitoring tab from the Administration > Health & Wellness view.
Find checkpointfw1 in the Event Source Type column.
Look for activity in the Count column to verify that Check Point collection is accepting events.
The following figure illustrates how you can verify that Check Point collection is working from the Investigation > Events view.
Note: If the logs from the VSX Checkpoint firewall server is collected by the Log Collector checkpoint service, to translate the VSX IP in the logs to ip.orig meta, you must add the VSX hostname and the VSX IP address to the /etc/hosts file in the Log Collector.