We are trying to capture checkpoint FW allow/deny firewall traffic logs on LEM. I have successfully added the node & configured the connector Checkpoint 600 Appliances (auth.log) However when i create a filter under Monitor , it shows EventInfo as "Unmatched auth UUid data , but under ExtraneousInfo it shows the correct log.
Unmatched Data is pretty much going to be the same procedure every time it's encountered and regardless of vendor, etc.
Firstly, make sure you have the latest connectors applied.
If that doesn't resolve the issue, get an export of the logs and reach out to Support.
See the above article for the specifics.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.