Is anyone using Splunk as source for Checkpoint logs? It will be nice to know how their experience is with developing custom parser for CP logs via Splunk.
Also, it will be a good use case for RSA to develop a parser to take event logs from aggregator like Splunk.
It might be worth checking out the CEF export app for splunk here : Splunk App for CEF | Splunkbase
If you had splunk translate your checkpoint events into CEF, it would alleviate you of having to build an entirely new parser, and just modify the cef.xml parser in SA, or netwitness.