All Apps and Add-ons

OPSEC lea_loggrabber failed to run

ksirisawatdi_sp
Splunk Employee
Splunk Employee

My customer try OPSEC lea_loggrabber and getting error message saying that "Segmentation fault". Anyone having sillier issue before?alt text

Tags (1)
1 Solution

Chubbybunny
Splunk Employee
Splunk Employee

The lea_loggrabber client can encounter a "segmentation fault" for various reasons.
To gain a better understanding of the problem, you should elevate the OPSEC debugging level using the article below:
how-can-i-debug-my-lea-client-for-checkpoint

View solution in original post

mlogendra_splun
Splunk Employee
Splunk Employee

When the checkpoint add-on is trying to connect to the checkpoint server, it will try to resolve itself. When it is unable to do so, it will exit with a "segmentation fault" message.

Add a host entry with the hostname of Splunk server and its IP in /etc/hosts and the segmentation fault should go away.

0 Karma

jgedeon120
Contributor

If you are looking at getting logs from a Check Point you may want to take a look at this article. I'm also in the long process of creating a Check Point App for Splunk and it does use this method of getting the logs from the management server.

Splunking Check Point

0 Karma

Chubbybunny
Splunk Employee
Splunk Employee

The lea_loggrabber client can encounter a "segmentation fault" for various reasons.
To gain a better understanding of the problem, you should elevate the OPSEC debugging level using the article below:
how-can-i-debug-my-lea-client-for-checkpoint

View solution in original post

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!