Collect data from Check Point NGFW

See the changelog of the Syslog Listener here.

Overview

This article outlines a basic data flow from your Check Point Next-Generation Firewall (NGFW) to the Onum Syslog Listener.

Prerequisites

If you're using TLS authentication, contact Onum to get the cert information needed for TLS communication.

Check Point NGFW Setup

Simply enter the required Onum sending address in your firewall configuration.

Onum Setup

1. Log in to your Onum tenant and click Listeners > New listener.

2. Double-click the Syslog Listener.

3. Enter a Name for the new Listener. Optionally, add a Description and some Tags to identify the Listener.

4. Enter the required Port and Protocol (TCP or UDP).

5. Choose the required Framing Method, which refers to how characters are handled in log messages sent via the Syslog protocol. Choose between:

  • Auto-Detect - automatically detect the framing method using the information provided.

  • Non-Transparent Framing (newline) - the newline characters (\n) within a log message are preserved as part of the message content and are not treated as delimiters or boundaries between separate messages.

  • Non-Transparent Framing (zero) - refers to the way zero-byte characters are handled. Any null byte (\0) characters that appear within the message body are preserved as part of the message and are not treated as delimiters or boundaries between separate messages.

  • Octet Counting (message length) - the Syslog message is preceded by a count of the length of the message in octets (bytes).

6. If you're using TLS authentication, enter the data you received from the Onum team in the TLS configuration section (Certificate, Private key and CA chain). Choose your Client authentication method and Minimum TLS version.

7. Finally, click Create labels. Optionally, you can set labels to be used for internal Onum routing of data. By default, data will be set as Unlabeled. Click Create listener when you're done.
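The Octet Counting option in step 5 can be checked against a sender with a small decoder. The following is an added example, not Onum or Check Point code: it implements the length-prefixed framing defined in RFC 6587, and the function names, size limits and sample messages are assumptions constructed for illustration.

```python
# Added example: octet-counted syslog framing, "MSG-LEN SP SYSLOG-MSG" (RFC 6587).
MAX_FRAME = 64 * 1024  # assumed ceiling; rejects absurd lengths from a bad sender
PREFIX_MAX = 8         # assumed: the digits plus the space must fit in 8 bytes

# Constructed sample messages (not real Check Point output).
SAMPLE_1 = b'<134>1 2024-05-01T10:00:00Z fw-sample CheckPoint - - - action="Accept"'
SAMPLE_2 = b'<134>1 2024-05-01T10:00:01Z fw-sample CheckPoint - - - note="one\ntwo"'


def frame(message: bytes) -> bytes:
    """Prefix a syslog message with its length in octets and a space."""
    return str(len(message)).encode("ascii") + b" " + message


def decode(buffer: bytes):
    """Split a TCP read buffer into complete messages.

    Returns (messages, remainder). The remainder is an incomplete frame
    that must be prepended to the next read from the socket.
    """
    messages = []
    pos = 0
    while pos < len(buffer):
        space = buffer.find(b" ", pos, pos + PREFIX_MAX)
        if space == -1:
            tail = buffer[pos:]
            if len(tail) >= PREFIX_MAX or not tail.isdigit():
                raise ValueError("missing or malformed length prefix")
            break  # the length prefix itself is still arriving
        prefix = buffer[pos:space]
        if not prefix.isdigit() or prefix.startswith(b"0"):
            raise ValueError("malformed length prefix")
        length = int(prefix)
        if length > MAX_FRAME:
            raise ValueError("frame exceeds MAX_FRAME")
        end = space + 1 + length
        if end > len(buffer):
            break  # message body not fully received yet
        messages.append(buffer[space + 1:end])
        pos = end
    return messages, buffer[pos:]


if __name__ == "__main__":
    stream = frame(SAMPLE_1) + frame(SAMPLE_2)
    msgs, rest = decode(stream[:-5])  # last frame cut short, as in a split TCP read
    print(len(msgs), "complete;", len(rest), "bytes held for the next read")
```

Because the boundary comes from the byte count, the newline embedded in the second sample stays inside one message, and a truncated final frame is held back until the rest arrives.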
