All Apps and Add-ons

OPSEC lea_loggrabber failed to run

ksirisawatdi_sp
Splunk Employee
Splunk Employee

My customer try OPSEC lea_loggrabber and getting error message saying that "Segmentation fault". Anyone having sillier issue before?alt text

Tags (1)
1 Solution

Chubbybunny
Splunk Employee
Splunk Employee

The lea_loggrabber client can encounter a "segmentation fault" for various reasons.
To gain a better understanding of the problem, you should elevate the OPSEC debugging level using the article below:
how-can-i-debug-my-lea-client-for-checkpoint

View solution in original post

mlogendra_splun
Splunk Employee
Splunk Employee

When the checkpoint add-on is trying to connect to the checkpoint server, it will try to resolve itself. When it is unable to do so, it will exit with a "segmentation fault" message.

Add a host entry with the hostname of Splunk server and its IP in /etc/hosts and the segmentation fault should go away.

0 Karma

jgedeon120
Contributor

If you are looking at getting logs from a Check Point you may want to take a look at this article. I'm also in the long process of creating a Check Point App for Splunk and it does use this method of getting the logs from the management server.

Splunking Check Point

0 Karma

Chubbybunny
Splunk Employee
Splunk Employee

The lea_loggrabber client can encounter a "segmentation fault" for various reasons.
To gain a better understanding of the problem, you should elevate the OPSEC debugging level using the article below:
how-can-i-debug-my-lea-client-for-checkpoint

Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.

Can’t make it to .conf25? Join us online!

Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...