Check Point is expected to discontinue the LEA protocol, and if you use LEA with version R81 or above, you may already experience technical issues. We therefore recommend using syslog instead of LEA.

Receiving Check Point Logs Using LEA

Overview

By default, Check Point management servers (SmartCenters and Provider-1 CMAs) store audit logs, which track administrative actions, locally rather than sending them to the Log Server or CLM. SecureTrack therefore retrieves audit logs from the management server, not from the Log Server or CLM. If you configured your management server to send audit logs to the Log Server or CLM, you must configure SecureTrack to retrieve them from there.

Configure SecureTrack to Retrieve Audit/Traffic Logs

  1. Add the first management server and its associated Log Server or CLM to SecureTrack.
  2. In the Device Configuration list, select the relevant management server (not the log server).
  3. Click Edit configuration.

  4. Click Next and Next.
  5. In the stage 3 page, select Custom.
  6. Set your Check Point device to communicate with SecureTrack:

  7. Click Next, and then Save.

How Do I Get Here?

In SecureTrack, go to Monitoring > Device Groups.