
Splunk Add-on for Check Point OPSEC LEA 3.1.0: Is the firewall version R77.30 supported?

Cris
Explorer

Hi everyone,

I've installed the Splunk Add-on for Checkpoint OPSEC LEA v.3.1.0 on Splunk Enterprise v.6.2.4.
The version of the firewall is R77.30, but in the requirements I can see that the upper version indicated is R77.

Does anyone know if version R77.30 is also supported?

On the opsec_watchdog.log file I always have these three lines:

2015-08-07 15:48:51,821 INFO 22457 140600047077184 Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', '--appname', 'Splunk_TA_opseclea_linux22']
2015-08-07 15:48:53,073 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:54,074 INFO 22457 140600047077184 process crashed (1), restarting
0 Karma
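As an added example (not from the original thread or the add-on itself), here is a small Python parser for opsec_watchdog.log lines in the format shown above; it extracts the exec command and return codes and flags a crash/restart loop. The line format is inferred from the three lines in the question, the loop threshold (3 crashes within 60 seconds) is an assumption, and the repeated cycles in the sample log are constructed to show what the loop looks like.

```python
import re
from datetime import datetime, timedelta

# Format inferred from the watchdog lines in the question (assumption):
# "<date> <time>,<ms> <LEVEL> <pid> <thread-id> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),(?P<ms>\d{3}) "
    r"(?P<level>[A-Z]+) (?P<pid>\d+) (?P<tid>\d+) (?P<msg>.*)$"
)
CRASH_RE = re.compile(r"process crashed \((?P<code>-?\d+)\), restarting")
EXEC_RE = re.compile(r"Starting exec: (?P<argv>\[.*\])")

# Constructed sample: the three lines from the question, repeated as three
# restart cycles a few seconds apart (the watchdog keeps restarting the grabber).
_EXEC = ("Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', "
         "'--appname', 'Splunk_TA_opseclea_linux22']")
SAMPLE_LOG = [
    "2015-08-07 15:48:51,821 INFO 22457 140600047077184 " + _EXEC,
    "2015-08-07 15:48:53,073 INFO 22457 140600047077184 got ret code 1",
    "2015-08-07 15:48:54,074 INFO 22457 140600047077184 process crashed (1), restarting",
    "2015-08-07 15:48:54,080 INFO 22457 140600047077184 " + _EXEC,
    "2015-08-07 15:48:55,300 INFO 22457 140600047077184 got ret code 1",
    "2015-08-07 15:48:56,301 INFO 22457 140600047077184 process crashed (1), restarting",
    "2015-08-07 15:48:56,310 INFO 22457 140600047077184 " + _EXEC,
    "2015-08-07 15:48:57,500 INFO 22457 140600047077184 got ret code 1",
    "2015-08-07 15:48:58,501 INFO 22457 140600047077184 process crashed (1), restarting",
]

def parse_line(line):
    """Parse one watchdog line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S") + timedelta(milliseconds=int(m["ms"]))
    return {"ts": ts, "level": m["level"], "pid": int(m["pid"]), "msg": m["msg"]}

def analyze_watchdog(lines, window_seconds=60, max_crashes=3):
    """Summarise the last exec command, every crash return code, and whether
    max_crashes or more crashes fall inside any window_seconds window (a crash loop)."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    crashes = [(e["ts"], int(CRASH_RE.search(e["msg"])["code"]))
               for e in events if CRASH_RE.search(e["msg"])]
    execs = [EXEC_RE.search(e["msg"])["argv"] for e in events if EXEC_RE.search(e["msg"])]
    loop = False
    for i, (t0, _) in enumerate(crashes):
        in_window = sum(1 for t, _ in crashes[i:] if t - t0 <= timedelta(seconds=window_seconds))
        if in_window >= max_crashes:
            loop = True
            break
    return {"last_exec": execs[-1] if execs else None,
            "crash_codes": [code for _, code in crashes],
            "crash_loop": loop}

if __name__ == "__main__":
    print(analyze_watchdog(SAMPLE_LOG))
```

Point it at the real file with `analyze_watchdog(open("opsec_watchdog.log"))`; a `crash_loop` of True with a constant return code means the grabber is failing the same way every time and the platform/version mismatch discussed below is worth checking before the add-on configuration.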

mikelanghorst
Motivator

The response I've gotten is that 77.30 is not supported, and I've gotten no response as to when it may be supported.

0 Karma

keithyap
Path Finder

Were you able to solve this issue?

0 Karma

ashokqos
Path Finder

I also had issues running LEA version 3.1.0 on CentOS. As I understand it, the problem is not with Check Point R77.30 but between LEA 3.1.0 and CentOS. I use LEA 2.10 and it works perfectly with my R77.30.

0 Karma

mikelanghorst
Motivator

Where did you get the LEA 2.10?

Could you provide more details, was it the full 2.10 app you're using?

0 Karma

ashokqos
Path Finder

I downloaded the 2.10 version well before 3.10 was released. If you want, I can share it. Please mail me at splunk@qos.co.in
For me, 2.10 and R77.30 are working perfectly on CentOS 6.4 (64-bit). I have provided a step-by-step method on my blog.

https://qostechnology.wordpress.com/2015/04/29/integration-of-splunk-with-checkpoint-managementlog-s...

Here are some details of my setup. As you can see, the connection on port 18184 is established by LEA client 2.10.
[root@centos ~]# more /etc/redhat-release
CentOS release 6.4 (Final)
[root@centos ~]# uname -a
Linux centos 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@centos ~]# netstat -na | grep 18184
tcp 0 0 192.168.10.28:58978 192.168.10.253:18184 ESTABLISHED
[root@centos ~]#

0 Karma

mreynov_splunk
Splunk Employee

This might have been due to lack of 64-bit support of the LEA cert.

0 Karma

mreynov_splunk
Splunk Employee

I believe it should be supported; the differences between base 77 and 77.3 should not be disruptive. This is a separate issue. What OS are you running this on?

0 Karma

mikelanghorst
Motivator

Officially, no, 77.30 is not supported, and my case regarding issues on 77.30 was closed as such.

0 Karma

Cris
Explorer

Linux CentOS 7

0 Karma