All Apps and Add-ons

Splunk Add-on for Check Point OPSEC LEA Linux Configuration: Where is the local folder and opsec.conf?

a599korg
Explorer

I have got to page 31 in the documentation (configuring the LEA client using the command line) - Working off a linux HWF Server.
Step2 Edit opsec.conf
Which should be $SPLUNK_HOME/etc/apps/Splunk_TA_opseclea_linux22/local/opsec.conf
But there is no local folder and no opsec.conf.
I have checked the download and it doesn't include the local folder or the opsec.conf file.
Does anyone know why these are missing?

1 Solution

MarioM
Motivator

In this case you must create the local directory, then create the opsec.conf file inside this directory.

Finally you must add the domain stanza to the opsec.conf file, as detailed in the docs.

A note has been added to the doc to reflect that http://docs.splunk.com/Documentation/OPSEC-LEA/2.1/Install/ConfiguretheLEAclient#Step_2._Edit_opsec....

View solution in original post

MarioM
Motivator

In this case you must create the local directory, then create the opsec.conf file inside this directory.

Finally you must add the domain stanza to the opsec.conf file, as detailed in the docs.

A note has been added to the doc to reflect that http://docs.splunk.com/Documentation/OPSEC-LEA/2.1/Install/ConfiguretheLEAclient#Step_2._Edit_opsec....

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...