I've had the same problem and I updated the add-on with this patch from Checkpoint. You could try this @junedec21 .
New connections fail with "REST API ERROR 400" or "Fatal error: glibc detected an invalid stdio handle" on Linux with a glibc version higher than 2.17-196
1. Download file at https://supportcenter.checkpoint.com/supportcenter/portal/user/anon/page/default.psml/media-type/htm...
3. After you update the two binaries, you must reset the one time password.
=> This worked for me.
I was having this same issue but believe I've found a fix to it. I'm assuming you're running on a Linux OS as from what I understand this app won't run on a Windows server due to the application dependencies.
Searching this error results in a lot of people suggesting to install the 32 bit glibc and pam libraries which I did but I still kept getting the error. This initial portion of the configuration is just establishing the communication and pulling a certificate from your management server and is done so through a python script located at:
When I tried to manually run that script I received the following error:
[root@splunkserver bin]# ./pull-cert.sh
./opsec-tools/opsec_pull_cert: error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory
I installed libnsl.i686 and afterwards was able to run the script. I then tried to run the application via the GUI and was able to successfully establish the connection/pull the cert.
I'm using CentOS so my fix was:
sudo yum install glibc.i686 pam.i686 libnsl.i686 but obviously if you're on something like Ubuntu/Debian you'd do
sudo apt install glibc.i686 pam.i686 libnsl.i686.
@sebastiandelreal This issue will occur when you will not be having the port 18210 open on your Checkpoint server.
Kindly verify if the port 18210 is reachable from your Splunk instance
To verify the port reachability, you can use the telnet command from your Splunk instance.
FYI - @junedec21