Update CheckPoint package with RFC 5424 parsing fix

[andrewkroh]

What does this PR do?

Sync the change from elastic/beats#21854 to use the UDP input instead of syslog input
to allow for RFC 5424 syslog parsing.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all datasets collect metrics or logs.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Build Cause: [Pull request #351 updated]

• Start Time: 2020-10-28T23:50:17.539+0000

• Duration: 16 min 3 sec

Test stats 🧪

Test	Results
Failed	0
Passed	8
Skipped	0
Total	8

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[andrewstucki]

So, quick question, based off of https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-checkpoint.html#_firewall_fileset_settings -- it looks like this isn't necessarily required and filebeat will default to globbing on known system log directories? Just wondering why the switch?

[andrewkroh]

Neither the module nor the package specify default paths for the CheckPoint log files. Probably because there isn't a standard path due to syslog streaming being the primary delivery means.

I marked it as required to prevent the package from being installed without setting any path. If you start the logfile stream without any paths it will cause an error in filebeat since it cannot start the log input without any paths.