Hi everyone,
I've installed the Splunk Add-on for Checkpoint OPSEC LEA v.3.1.0 on Splunk Enterprise v.6.2.4.
The version of the firewall is R77.30, but in the requirements I can see the upper version indicated is R77.
Does anyone know if version R77.30 is also supported?
On the opsec_watchdog.log file I always have these three lines:
2015-08-07 15:48:51,821 INFO 22457 140600047077184 Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', '--appname', 'Splunk_TA_opseclea_linux22']
2015-08-07 15:48:53,073 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:54,074 INFO 22457 140600047077184 process crashed (1), restarting
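The three watchdog lines above are the whole symptom: the add-on's wrapper starts lea_loggrabber, gets return code 1 within about a second, and restarts it, over and over. The following script is an added example (not part of this thread and not Splunk's or Check Point's code) that parses opsec_watchdog.log lines in that format and reports how many exec attempts ended in a crash and how quickly, so that a crash loop can be spotted from the log rather than by eye. It assumes the line layout shown above (timestamp, level, pid, thread id, message); the sample lines are constructed from the quoted ones.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample modelled on the three opsec_watchdog.log lines quoted
# in the question; two start/crash cycles, not output from a real system.
SAMPLE_LOG = """\
2015-08-07 15:48:51,821 INFO 22457 140600047077184 Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', '--appname', 'Splunk_TA_opseclea_linux22']
2015-08-07 15:48:53,073 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:54,074 INFO 22457 140600047077184 process crashed (1), restarting
2015-08-07 15:48:54,080 INFO 22457 140600047077184 Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', '--appname', 'Splunk_TA_opseclea_linux22']
2015-08-07 15:48:55,300 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:56,301 INFO 22457 140600047077184 process crashed (1), restarting
"""

# Assumed layout: "<date> <time,ms> <LEVEL> <pid> <thread-id> <message>"
LINE_RE = re.compile(r'^(?P<ts>\S+ \S+) (?P<level>\w+) (?P<pid>\d+) (?P<tid>\d+) (?P<msg>.*)$')
CRASH_RE = re.compile(r'process crashed \((?P<code>-?\d+)\), restarting')
TS_FMT = '%Y-%m-%d %H:%M:%S,%f'


def parse_watchdog(text):
    """Yield (datetime, message) for every well-formed watchdog line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield datetime.strptime(m.group('ts'), TS_FMT), m.group('msg')


def crash_loop_summary(text):
    """Count exec attempts and crashes, grouped by exit code, and record
    how many seconds each crashed run survived after its 'Starting exec'."""
    starts = 0
    last_start = None
    lifetimes = []
    by_code = Counter()
    for ts, msg in parse_watchdog(text):
        if msg.startswith('Starting exec:'):
            starts += 1
            last_start = ts
            continue
        cm = CRASH_RE.search(msg)
        if cm:
            by_code[int(cm.group('code'))] += 1
            if last_start is not None:
                lifetimes.append((ts - last_start).total_seconds())
    return {
        'starts': starts,
        'crashes': sum(by_code.values()),
        'by_code': dict(by_code),
        'max_lifetime_s': max(lifetimes) if lifetimes else None,
    }


def is_crash_looping(text, min_crashes=2, max_lifetime_s=5.0):
    """True when the grabber crashed repeatedly and never ran longer than
    max_lifetime_s: a startup failure (configuration, certificate,
    connectivity, or an unsupported platform) rather than a runtime one."""
    s = crash_loop_summary(text)
    return (s['crashes'] >= min_crashes
            and s['max_lifetime_s'] is not None
            and s['max_lifetime_s'] <= max_lifetime_s)


if __name__ == '__main__':
    # Usage: python watchdog_check.py /opt/splunk/var/log/splunk/opsec_watchdog.log
    import sys
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(crash_loop_summary(data))
    print('crash loop:', is_crash_looping(data))
```

Run against the real opsec_watchdog.log, a result like `{'starts': N, 'crashes': N, 'by_code': {1: N}, 'max_lifetime_s': 2.x}` with `crash loop: True` means every run died at startup, which is what the thread's three lines show.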
The response I've gotten is that 77.30 is not supported, and I've gotten no response as to when it may be supported.
Were you able to solve this issue?
I also had issues running LEA version 3.1.0 on CentOS. As far as I can understand, the problem is not with Check Point R77.30 but between LEA 3.1.0 and CentOS. I use LEA 2.10 and it works perfectly with my R77.30.
Where did you get LEA 2.10?
Could you provide more details, was it the full 2.10 app you're using?
I downloaded 2.10 version well before 3.10 was released. If you want I can share. Please mail me splunk@qos.co.in
For me, 2.10 and R77.30 are working perfectly on CentOS 6.4 (64-bit). I have provided a step-by-step method on my blog.
Here are some details of my setup. As you can see, the connection on port 18184 is established by LEA client 2.10.
[root@centos ~]# more /etc/redhat-release
CentOS release 6.4 (Final)
[root@centos ~]# uname -a
Linux centos 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@centos ~]# netstat -na | grep 18184
tcp 0 0 192.168.10.28:58978 192.168.10.253:18184 ESTABLISHED
[root@centos ~]#
This might have been due to lack of 64-bit support of the LEA cert.
I believe it should be supported, the differences between base 77 and 77.3 should not be disruptive. This is a separate issue. What OS are you running this on?
Officially, no, 77.30 is not supported, and my case regarding issues on 77.30 was closed as such.
Linux CentOS 7.