Solved: Should I create the OPSEC application in CheckPoin...

jbsplunk · ‎01-09-2012

I'm using a deployment server to push my CheckPoint app to external+ forwarders. Should I create the OPSEC application in CheckPoint using the IP address of the forwarder or deployment server??

Chubbybunny · ‎01-09-2012

You'll need to create the OPSEC application using the IP address of the forwarder (OPSEC LEA Client). While the deployment server will be used to initially to send the app to the forwarder, all communication to the OPSEC LEA server (the Check Point device splunk will pull logs from) will take place on the forwarder.

View solution in original post

Chubbybunny · ‎01-09-2012

You'll need to create the OPSEC application using the IP address of the forwarder (OPSEC LEA Client). While the deployment server will be used to initially to send the app to the forwarder, all communication to the OPSEC LEA server (the Check Point device splunk will pull logs from) will take place on the forwarder.

Should I create the OPSEC application in CheckPoint using the IP address of the forwarder or deployment server??

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation