I've installed the Splunk Add-on for Checkpoint OPSEC LEA v.3.1.0 on Splunk Enterprise v.6.2.4.
The version of the firewall is R77.30, but in the requirements I can see that the upper version indicated is R77.
Does anyone know if version R77.30 is also supported?
In the opsec_watchdog.log file I always have these three lines:
2015-08-07 15:48:51,821 INFO 22457 140600047077184 Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', '--appname', 'Splunk_TA_opseclea_linux22']
2015-08-07 15:48:53,073 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:54,074 INFO 22457 140600047077184 process crashed (1), restarting
I also had issues running LEA version 3.1.0 on CentOS. As far as I can understand, the problem is not with Check Point R77.30 but between LEA 3.1.0 and CentOS. I use LEA 2.10 and it works perfectly with my R77.30.
I downloaded version 2.10 well before 3.1.0 was released. If you want, I can share it. Please mail me at firstname.lastname@example.org
For me, 2.10 and R77.30 work perfectly on CentOS 6.4 (64-bit). I have provided a step-by-step method on my blog.
Here are some details of my setup. As you can see, the connection on port 18184 is established by LEA client 2.10.
[root@centos ~]# more /etc/redhat-release
CentOS release 6.4 (Final)
[root@centos ~]# uname -a
Linux centos 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@centos ~]# netstat -na | grep 18184
tcp 0 0 192.168.10.28:58978 192.168.10.253:18184 ESTABLISHED
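The two symptoms discussed in this thread (the crash/restart loop in opsec_watchdog.log, and whether the LEA client actually holds a session to the management server on port 18184) can be checked from a script rather than by eye. The following is an added example, not code from the thread or from the Splunk add-on. The watchdog log path, the netstat field layout (Linux netstat -na, as in the output above) and the sample lines are assumptions; the sample lines are constructed to match the format shown in the question.

```shell
#!/bin/sh
# Added example (not from the original thread): a health check for the
# OPSEC LEA add-on based on the two symptoms shown above.
# Assumptions: Linux "netstat -na" field layout and the watchdog log path.

LEA_PORT=18184

# Constructed sample watchdog lines, modelled on the ones in the question.
SAMPLE_WATCHDOG='2015-08-07 15:48:51,821 INFO 22457 140600047077184 Starting exec: [./lea_loggrabber]
2015-08-07 15:48:53,073 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:54,074 INFO 22457 140600047077184 process crashed (1), restarting'

# Constructed sample netstat output: one established LEA session plus one
# half-open attempt, to show that only ESTABLISHED counts.
SAMPLE_NETSTAT='tcp        0      0 192.168.10.28:58978     192.168.10.253:18184    ESTABLISHED
tcp        0      0 192.168.10.28:58979     192.168.10.253:18184    SYN_SENT'

# Count watchdog "process crashed" entries read from stdin (prints 0 on none).
count_lea_crashes() {
    grep -c 'process crashed' || true
}

# Print the most recent lea_loggrabber return code ("got ret code N") from
# watchdog lines on stdin; prints nothing if no such line is present.
last_lea_ret_code() {
    sed -n 's/.*got ret code \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Return 0 if netstat -na style output on stdin contains an ESTABLISHED TCP
# session whose foreign address ends in the LEA port, 1 otherwise.
lea_session_established() {
    awk -v port="$LEA_PORT" '
        $1 == "tcp" && $5 ~ (":" port "$") && $6 == "ESTABLISHED" { found = 1 }
        END { exit !found }'
}

# Run both checks on the live system. Log path is an assumed default.
# Usage: lea_health_check [/path/to/opsec_watchdog.log]
lea_health_check() {
    log="${1:-/opt/splunk/var/log/splunk/opsec_watchdog.log}"
    crashes=$(count_lea_crashes < "$log")
    rc=$(last_lea_ret_code < "$log")
    echo "lea_loggrabber crashes logged: $crashes (last ret code: ${rc:-none})"
    if netstat -na | lea_session_established; then
        echo "LEA session to port $LEA_PORT: ESTABLISHED"
    else
        echo "LEA session to port $LEA_PORT: not established"
        return 1
    fi
}

# Demonstration on the constructed samples (no live system needed).
demo() {
    echo "sample crashes: $(printf '%s\n' "$SAMPLE_WATCHDOG" | count_lea_crashes)"
    echo "sample last ret code: $(printf '%s\n' "$SAMPLE_WATCHDOG" | last_lea_ret_code)"
    if printf '%s\n' "$SAMPLE_NETSTAT" | lea_session_established; then
        echo "sample netstat: LEA session ESTABLISHED"
    else
        echo "sample netstat: no LEA session"
    fi
}
```

A crash count that keeps rising together with no ESTABLISHED session to port 18184 is the pattern from the question (the grabber exits before it ever connects); an established session with a stable crash count is what the working 2.10 setup above looks like. Run `demo` to see the checks on the constructed samples, or `lea_health_check` against a real host.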