https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15630#M9117 <P>jonathanhowell -</P> <P>Splunk's lea_loggrabber app is open-source. I have a patch which enables more verbose logging - quite useful for debugging lea_loggrabber issues. (It also includes a few other enhancements.) It's working very well for months now, not only in my environment but elsewhere. I've requested Splunk to either grant me commit access to their google code project for lea_loggrabber or at least to review my patch and make it available. Unfortunately no action on their side to date, other than opening the source. Send me a direct message with your email address and I'll send you a package with the patch, readme, plus some support scripts and useful lookups.</P> <P>Cheers, --Trey</P> Tue, 07 Sep 2010 20:14:27 GMT treyka 2010-09-07T20:14:27Z https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15628#M9115 <P>I am evaluating Splun 4.x as my log file analyzer for a Checkpoint UTM-1. I followed the procedures for configuring an LEA connector &amp; setting up OPSEC. It appears that Splunk is running &amp; making LEA requests of the Checkpoint, but I get no data logged on Splunk.</P> <P>How can I best go about troubleshooting this? What log files or debug commands can i use to trace down the fault?</P> <P>I appreciate your help. Jonathan</P> Thu, 17 Jun 2010 00:32:17 GMT https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15628#M9115 jonathanhowell 2010-06-17T00:32:17Z https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15629#M9116 <P>The splunkd.log at $SPLUNK_HOME/var/log/splunk/ is usually good for this sort of troubleshooting. If for some reason an input is being skipped, this will often be the place that it's logged.</P> Thu, 17 Jun 2010 02:55:24 GMT https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15629#M9116 Yancy 2010-06-17T02:55:24Z https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15630#M9117 <P>jonathanhowell -</P> <P>Splunk's lea_loggrabber app is open-source. I have a patch which enables more verbose logging - quite useful for debugging lea_loggrabber issues. (It also includes a few other enhancements.) It's working very well for months now, not only in my environment but elsewhere. I've requested Splunk to either grant me commit access to their google code project for lea_loggrabber or at least to review my patch and make it available. Unfortunately no action on their side to date, other than opening the source. Send me a direct message with your email address and I'll send you a package with the patch, readme, plus some support scripts and useful lookups.</P> <P>Cheers, --Trey</P> Tue, 07 Sep 2010 20:14:27 GMT https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15630#M9117 treyka 2010-09-07T20:14:27Z https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15631#M9118 <P>Trey</P> <P>We are experiencing the exact same behaviour than ‘Starlette’ in <A rel="nofollow" href="http://answers.splunk.com/questions/947/splunking-my-checkpoint-firewall-logs">http://answers.splunk.com/questions/947/splunking-my-checkpoint-firewall-logs</A> We are interested to your package with the patch. We are running on RedHat 5-64. How can we get it?</P> <P>Thanks</P> <P>Cheers, JP</P> Thu, 09 Sep 2010 01:11:00 GMT https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15631#M9118 jplaberge 2010-09-09T01:11:00Z https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15632#M9119 <P>Hello Trey,<BR /> Thank you for taking the time to enhance this app and share that with other users.<BR /> I'll send you my email address to get a copy of your package. I will give it a go and try to give some traction to your request if it proves helpful in troubleshooting jplaberge's issue.</P> Thu, 09 Sep 2010 01:43:35 GMT https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15632#M9119 hexx 2010-09-09T01:43:35Z https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15633#M9120 <P>Hi,</P> <P>We are also interested in your package... possible to take a look?</P> <P>Thanks</P> <P>Cheers, Vincent</P> Tue, 05 Apr 2011 09:47:19 GMT https://community.splunk.com/t5/Installation/troubleshooting-splunk-checkpoint-communication/m-p/15633#M9120 csoh 2011-04-05T09:47:19Z