splunk / splunk-connect-for-syslog

Splunk Connect for Syslog
Apache License 2.0

support checkpoint 5424 #360

Closed ryanfaircloth closed 4 years ago

ryanfaircloth commented 4 years ago
<134>1 2020-03-13T03:45:34Z fwlogs CheckPoint 30513 - [action:"Accept"; flags:"18692"; ifdir:"inbound"; ifname:"bond1"; loguid:"{0x5e6b01de,0x42,0x8b1ba995,0xc0000000}"; origin:"a.b.c.d"; time:"1584071134"; version:"1"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={2B1357A0-148C-9D41-8E13-43150189C688};mgmt=fwmgt.xxx.edu;date=1582909094;policy_name=fwcons-fwcl1_Simplified\]"; dst:"e.f.g.h"; inzone:"Internal"; origin_sic_name:"myouinfohere"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; rule:"1"; rule_uid:"{2548FE8F-60C9-4914-8C28-8B0BC9378B3F}"; s_port:"60131"; service:"53"; service_id:"domain-udp"; src:"a.b.c.d"; ]
nandinivij commented 4 years ago

@rfaircloth-splunk This log is generating a parsing error due to the double quotes around the values in the key-value pairs. Error processing log message: <134>1 2020-10-07T18:00:53Z gelatin-water CheckPoint 30513 - [action:Accept; flags>@<:"18692"; ifdir:"inbound"; ifname:"bond1"; loguid:"{0x5e6b01de,0x42,0x8b1ba995,0xc0000000}"; origin:"a.b.c.d"; time:"1584071134"; version:"1"; __policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={2B1357A0-148C-9D41-8E13-43150189C688};mgmt=fwmgt.xxx.edu;date=1582909094;policy_name=fwcons-fwcl1_Simplified]"; dst:"e.f.g.h"; inzone:"Internal"; origin_sic_name:"myouinfohere"; outzone:"External"; product:"VPN-1 & FireWall-1"; proto:"17"; rule:"1"; rule_uid:"{2548FE8F-60C9-4914-8C28-8B0BC9378B3F}"; s_port:"60131"; service:"53"; service_id:"domain-udp"; src:"a.b.c.d";]
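
The shape that trips the parser in the comment above (a single bracketed block of `key:"value";` pairs, where quoted values may contain `;`, `[` and `]`, and `\]` escapes a literal bracket) as an added example: a small Python parser for that block, written here for illustration and not taken from SC4S, syslog-ng or this issue; SAMPLE is the log line from the first comment.

```python
import re

# Sample line from this issue's first comment (values were already anonymised there).
SAMPLE = ('<134>1 2020-03-13T03:45:34Z fwlogs CheckPoint 30513 - [action:"Accept"; flags:"18692"; '
          'ifdir:"inbound"; loguid:"{0x5e6b01de,0x42,0x8b1ba995,0xc0000000}"; origin:"a.b.c.d"; '
          '__policy_id_tag:"product=VPN-1 & FireWall-1[db_tag={2B1357A0-148C-9D41-8E13-43150189C688};'
          'mgmt=fwmgt.xxx.edu;policy_name=fwcons-fwcl1_Simplified\\]"; dst:"e.f.g.h"; proto:"17"; '
          'rule:"1"; s_port:"60131"; service:"53"; src:"a.b.c.d"; ]')
# RFC 5424 header up to the '[' that opens Check Point's non-standard SD block.
HEADER = re.compile(r'^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
                    r'(?P<procid>\S+) (?P<msgid>\S+) \[')
BARE = re.compile(r'[^;\]]*')  # an unquoted value runs to the next ';' or ']'

def parse_checkpoint_kv(text, i):
    """Parse `key:"value"; ... ]` from index i (just past '['). Quoted values may hold
    ';', '[' and ']'; a backslash escapes the next char (Check Point emits `\\]`).
    Returns (fields, index just past the closing ']')."""
    fields, n = {}, len(text)
    while i < n:
        while i < n and text[i] in ' ;':      # skip separators between pairs
            i += 1
        if i < n and text[i] == ']':           # unquoted ']' ends the block
            return fields, i + 1
        colon = text.find(':', i)
        if colon < 0:
            raise ValueError('malformed or unterminated block')
        key, i = text[i:colon].strip(), colon + 1
        if i < n and text[i] == '"':           # quoted value with backslash escapes
            i, buf = i + 1, []
            while i < n and text[i] != '"':
                if text[i] == '\\' and i + 1 < n:
                    i += 1
                buf.append(text[i])
                i += 1
            if i >= n:
                raise ValueError(f'unterminated quoted value for {key}')
            fields[key], i = ''.join(buf), i + 1
        else:                                  # bare value, e.g. action:Accept
            m = BARE.match(text, i)
            fields[key], i = m.group().strip(), m.end()
    raise ValueError('unterminated structured-data block')

def parse_line(line):
    m = HEADER.match(line)
    if not m:
        raise ValueError('not an RFC 5424 line with a leading "[" block')
    fields, _ = parse_checkpoint_kv(line, m.end())
    fields.update(m.groupdict())   # pri, ts, host, app, procid, msgid
    return fields
```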

nandinivij commented 4 years ago

Unable to find samples for fwlogs. Closing this issue until we get a valid Syslog sample. https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_CLI_ReferenceGuide/Content/Topics-CLIG/FWG/fw-log.htm. Please reopen if required. Thanks.