We were advised a few weeks ago to change to LEEF log format for our Checkpoint firewall data and things were working fine. Last week we were checking our health for our logs and saw that our firewall data wasn’t being parsed anymore. As a troubleshooting step we changed over to CEF and logs started parsing again. We asked support and they swear it’s a Checkpoint issue, but we haven’t made any changes on the firewalls in ages that would have changed this functionality.
Is anyone else having this issue? We’re also noticing that a lot of our dashboards and reports are breaking since the keys we were pulling changed when we changed logging formats.