We are using the Splunk Add-on for Check Point OPSEC LEA 3.1.0 version and getting lots of errors in splunkd. Trouble is that it's got something going on and is accounting for about 94% of all errors.
Error:
message from"/users/splunk/prod/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-logggrabber.sh --configentity" mode: non_audit
I know there is an updated add-on for this, but I was wondering if this is just a config issue versus a bug issue? If a simple update of the add-on would be a fix then great, just not sure. Advice welcomed.
Do not update unless your Check Point environment meets the requirements of the most recent release.