feat: adding support for new products in Checkpoint Log Exporter R81.…

…20 (#2309)
splunk · Jan 17, 2024 · db3189a · db3189a
1 parent d6473cd
commit db3189a
Show file tree

Hide file tree

Showing 5 changed files with 338 additions and 45 deletions.
diff --git a/package/etc/conf.d/conflib/raw/app-raw-checkpoint_splunk.conf b/package/etc/conf.d/conflib/raw/app-raw-checkpoint_splunk.conf
@@ -128,6 +128,8 @@ block parser app-raw-checkpoint_splunk() {
                     or match('^Compliance' value('.values.product'))
                     or match('VPN-1\h+&\h+Fire[wW]all-1' value('.values.product'))
                     or match('Network\h+Security' value('.values.product'))
+                    or match('FG\h+VPN-1\h+&\h+FireWall-1' value('.values.product'))
+                    or match('QoS' value('.values.product'))
                     and not match('VPN' value('.values.fw_subproduct'))
                 };
                 rewrite {
@@ -176,6 +178,10 @@ block parser app-raw-checkpoint_splunk() {
                     or match('Connectra' value('.values.product'))
                     or match('Check\h+Point\h+Security\h+Management\h+Server' value('.values.product'))
                     or match('CLI' value('.values.product'))
+                    or match('Check\h+Point\h+GO\h+Password\h+Reset' value('.values.product'))
+                    or match('Database\h+Tool' value('.values.product'))
+                    or match('cpmidu_update_tool' value('.values.product'))
+                    or match('query-database' value('.values.product'))
                 };
                 rewrite {
                     r_set_splunk_dest_update_v2(
@@ -278,6 +284,10 @@ block parser app-raw-checkpoint_splunk() {
                     match('MTA' value('.values.product'))
                     or match('Anti-Spam' value('.values.product'))
                     or match('Anti\h+Spam' value('.values.product'))
+                    or match('Anti-Phishing' value('.values.product'))
+                    or match('Anti\h+Phishing' value('.values.product'))
+                    or match('Anti-Spam\h+and\h+Email\h+Security' value('.values.product'))
+                    or match('Anti\h+Spam\h+and\h+Email\h+Security' value('.values.product'))
                 };
                 rewrite {
                     r_set_splunk_dest_update_v2(

diff --git a/package/etc/conf.d/conflib/syslog/app-syslog-checkpoint_syslog.conf b/package/etc/conf.d/conflib/syslog/app-syslog-checkpoint_syslog.conf
@@ -115,6 +115,8 @@ block parser app-syslog-checkpoint_syslog() {
                 or match('^Compliance' value('.SDATA.sc4s@2620.product'))
                 or match('VPN-1\h+&\h+Fire[wW]all-1' value('.SDATA.sc4s@2620.product'))
                 or match('Network\h+Security' value('.SDATA.sc4s@2620.product'))
+                or match('FG\h+VPN-1\h+&\h+FireWall-1' value('.SDATA.sc4s@2620.product'))
+                or match('QoS' value('.SDATA.sc4s@2620.product'))
                 and not match('VPN' value('.SDATA.sc4s@2620.fw_subproduct'))
             };
             rewrite {
@@ -163,6 +165,10 @@ block parser app-syslog-checkpoint_syslog() {
                 or match('Connectra' value('.SDATA.sc4s@2620.product'))
                 or match('Check\h+Point\h+Security\h+Management\h+Server' value('.SDATA.sc4s@2620.product'))
                 or match('CLI' value('.SDATA.sc4s@2620.product'))
+                or match('Check\h+Point\h+GO\h+Password\h+Reset' value('.SDATA.sc4s@2620.product'))
+                or match('Database\h+Tool' value('.SDATA.sc4s@2620.product'))
+                or match('cpmidu_update_tool' value('.SDATA.sc4s@2620.product'))
+                or match('query-database' value('.SDATA.sc4s@2620.product'))
             };
             rewrite {
                 r_set_splunk_dest_update_v2(
@@ -265,6 +271,10 @@ block parser app-syslog-checkpoint_syslog() {
                 match('MTA' value('.SDATA.sc4s@2620.product'))
                 or match('Anti-Spam' value('.SDATA.sc4s@2620.product'))
                 or match('Anti\h+Spam' value('.SDATA.sc4s@2620.product'))
+                or match('Anti-Phishing' value('.SDATA.sc4s@2620.product'))
+                or match('Anti\h+Phishing' value('.SDATA.sc4s@2620.product'))
+                or match('Anti-Spam\h+and\h+Email\h+Security' value('.SDATA.sc4s@2620.product'))
+                or match('Anti\h+Spam\h+and\h+Email\h+Security' value('.SDATA.sc4s@2620.product'))
             };
             rewrite {
                 r_set_splunk_dest_update_v2(

diff --git a/package/lite/etc/addons/checkpoint/app-raw-checkpoint_splunk.conf b/package/lite/etc/addons/checkpoint/app-raw-checkpoint_splunk.conf
@@ -128,6 +128,8 @@ block parser app-raw-checkpoint_splunk() {
                     or match('^Compliance' value('.values.product'))
                     or match('VPN-1\h+&\h+Fire[wW]all-1' value('.values.product'))
                     or match('Network\h+Security' value('.values.product'))
+                    or match('FG\h+VPN-1\h+&\h+FireWall-1' value('.values.product'))
+                    or match('QoS' value('.values.product'))
                     and not match('VPN' value('.values.fw_subproduct'))
                 };
                 rewrite {
@@ -176,6 +178,10 @@ block parser app-raw-checkpoint_splunk() {
                     or match('Connectra' value('.values.product'))
                     or match('Check\h+Point\h+Security\h+Management\h+Server' value('.values.product'))
                     or match('CLI' value('.values.product'))
+                    or match('Check\h+Point\h+GO\h+Password\h+Reset' value('.values.product'))
+                    or match('Database\h+Tool' value('.values.product'))
+                    or match('cpmidu_update_tool' value('.values.product'))
+                    or match('query-database' value('.values.product'))
                 };
                 rewrite {
                     r_set_splunk_dest_update_v2(
@@ -278,6 +284,10 @@ block parser app-raw-checkpoint_splunk() {
                     match('MTA' value('.values.product'))
                     or match('Anti-Spam' value('.values.product'))
                     or match('Anti\h+Spam' value('.values.product'))
+                    or match('Anti-Phishing' value('.values.product'))
+                    or match('Anti\h+Phishing' value('.values.product'))
+                    or match('Anti-Spam\h+and\h+Email\h+Security' value('.values.product'))
+                    or match('Anti\h+Spam\h+and\h+Email\h+Security' value('.values.product'))
                 };
                 rewrite {
                     r_set_splunk_dest_update_v2(

diff --git a/package/lite/etc/addons/checkpoint/app-syslog-checkpoint_syslog.conf b/package/lite/etc/addons/checkpoint/app-syslog-checkpoint_syslog.conf
@@ -115,6 +115,8 @@ block parser app-syslog-checkpoint_syslog() {
                 or match('^Compliance' value('.SDATA.sc4s@2620.product'))
                 or match('VPN-1\h+&\h+Fire[wW]all-1' value('.SDATA.sc4s@2620.product'))
                 or match('Network\h+Security' value('.SDATA.sc4s@2620.product'))
+                or match('FG\h+VPN-1\h+&\h+FireWall-1' value('.SDATA.sc4s@2620.product'))
+                or match('QoS' value('.SDATA.sc4s@2620.product'))
                 and not match('VPN' value('.SDATA.sc4s@2620.fw_subproduct'))
             };
             rewrite {
@@ -163,6 +165,10 @@ block parser app-syslog-checkpoint_syslog() {
                 or match('Connectra' value('.SDATA.sc4s@2620.product'))
                 or match('Check\h+Point\h+Security\h+Management\h+Server' value('.SDATA.sc4s@2620.product'))
                 or match('CLI' value('.SDATA.sc4s@2620.product'))
+                or match('Check\h+Point\h+GO\h+Password\h+Reset' value('.SDATA.sc4s@2620.product'))
+                or match('Database\h+Tool' value('.SDATA.sc4s@2620.product'))
+                or match('cpmidu_update_tool' value('.SDATA.sc4s@2620.product'))
+                or match('query-database' value('.SDATA.sc4s@2620.product'))
             };
             rewrite {
                 r_set_splunk_dest_update_v2(
@@ -265,6 +271,10 @@ block parser app-syslog-checkpoint_syslog() {
                 match('MTA' value('.SDATA.sc4s@2620.product'))
                 or match('Anti-Spam' value('.SDATA.sc4s@2620.product'))
                 or match('Anti\h+Spam' value('.SDATA.sc4s@2620.product'))
+                or match('Anti-Phishing' value('.SDATA.sc4s@2620.product'))
+                or match('Anti\h+Phishing' value('.SDATA.sc4s@2620.product'))
+                or match('Anti-Spam\h+and\h+Email\h+Security' value('.SDATA.sc4s@2620.product'))
+                or match('Anti\h+Spam\h+and\h+Email\h+Security' value('.SDATA.sc4s@2620.product'))
             };
             rewrite {
                 r_set_splunk_dest_update_v2(