Skip to content



Check Point’s Next Generation Firewalls (NGFW’s) are trusted by customers for their highest security effectiveness and their ability to keep organizations protected from sophisticated fifth generation cyber-attacks. Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

Event Categories

The following table lists the data source offered by this integration.

Data Source Description
Network device logs Check Point can record traffic events flowing through their firewall.
Network protocol analysis Check Point firewall does traffic analysis at physical/data/transport layers
Web logs Domain names are extracted from HTTP traffic


As of now, the main solution to collect Checkpoint logs leverages the Rsyslog recipe. Please share your experiences with other recipes by editing this documentation.

We are currently supporting the following firewall versions: R77.30, R80.10, R80.20, R80.30.


Please refer to the documentation of the Log Exporter of checkpoint to forward events to your rsyslog server. The reader is also invited to consult the Rsyslog Transport documentation to forward these logs to SEKOIA.IO.