Check Point Parameters

The Check Point Collection protocol collects events from Check Point event sources using OPSEC LEA. OPSEC LEA is the Check Point Operations Security Log Export API that facilitates the extraction of logs.

Workflow

This workflow illustrates the basic tasks needed to start collecting events through Log Collection.

[Figure: Log Collection workflow (netwitness_lcwf.png)]

Check Point Collection Configuration Parameters

Note: Required parameters are marked with an asterisk. All other parameters are optional.

Basic Parameters

Determine Advanced Parameter Values for Check Point Collection

A Check Point event source connection uses fewer system resources when you configure it to stay open only for a specific time and a specific event volume (a transient connection). NetWitness defaults to the following connection parameters, which establish a transient connection:

  • Polling Interval = 180 (3 minutes)
  • Max Duration Poll = 120 (2 minutes)
  • Max Events Poll = 5000 (5000 events per polling interval)
  • Max Idle Time Poll = 0

For very active Check Point event sources, it is a good practice to set up a connection that stays open until you stop collection (persistent connection). This ensures that Check Point collection maintains the pace of the events generated by these active event sources. The persistent connection avoids restart and connection delays and prevents Check Point collection from lagging behind event generation.

To establish a persistent connection for a Check Point event source, set the parameters as follows:

  • Polling Interval = -1
  • Max Duration Poll = 0
  • Max Events Poll = 0
  • Max Idle Time Poll = 0
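
The following Python example is added here and is not NetWitness code: it classifies a parameter set as transient or persistent using the values above and estimates how far transient collection falls behind a source's steady event rate. It assumes that 0 means "no limit" and that every poll can fetch up to Max Events Poll events; the names `PollSettings`, `mode`, `ceiling_eps`, `backlog` and `recommend` are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class PollSettings:
    polling_interval: int    # seconds between polls; -1 = persistent (per the page)
    max_duration_poll: int   # seconds a poll stays open; 0 assumed to mean no limit
    max_events_poll: int     # events per polling interval; 0 assumed to mean no limit
    max_idle_time_poll: int  # 0 in both profiles listed on the page


TRANSIENT_DEFAULT = PollSettings(180, 120, 5000, 0)  # defaults listed on the page
PERSISTENT = PollSettings(-1, 0, 0, 0)               # persistent values from the page


def mode(s):
    """Classify settings; anything that mixes the two profiles is 'inconsistent'."""
    if s == PERSISTENT:
        return "persistent"
    if s.polling_interval > 0:
        return "transient"
    return "inconsistent"  # e.g. interval -1 combined with a nonzero event cap


def ceiling_eps(s):
    """Sustained events/second the settings can collect; None means uncapped."""
    if mode(s) == "inconsistent":
        raise ValueError("settings mix transient and persistent values")
    if mode(s) == "persistent" or s.max_events_poll == 0:
        return None
    return s.max_events_poll / s.polling_interval


def backlog(s, source_eps, hours):
    """Events generated but not yet collected after `hours` at a steady rate."""
    if ceiling_eps(s) is None:
        return 0
    seconds = hours * 3600
    collected_cap = s.max_events_poll * (seconds // s.polling_interval)
    return max(0, source_eps * seconds - collected_cap)


def recommend(s, source_eps):
    """Return the persistent profile when the source outruns the transient cap."""
    cap = ceiling_eps(s)
    return PERSISTENT if cap is not None and source_eps > cap else s
```

Under these assumptions the default transient profile sustains roughly 27.8 events per second, so a source producing 50 events per second accumulates an 80,000-event backlog each hour and is a candidate for the persistent settings.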