Solved: Re: Splunk Add-on for Check Point OPSEC LEA Linux ...

a599korg · ‎09-16-2014

I have got to page 31 in the documentation (configuring the LEA client using the command line) - Working off a linux HWF Server.
Step2 Edit opsec.conf
Which should be $SPLUNK_HOME/etc/apps/Splunk_TA_opseclea_linux22/local/opsec.conf
But there is no local folder and no opsec.conf.
I have checked the download and it doesn't include the local folder or the opsec.conf file.
Does anyone know why these are missing?

MarioM · ‎09-22-2014

In this case you must create the local directory, then create the opsec.conf file inside this directory.

Finally you must add the domain stanza to the opsec.conf file, as detailed in the docs.

A note has been added to the doc to reflect that http://docs.splunk.com/Documentation/OPSEC-LEA/2.1/Install/ConfiguretheLEAclient#Step_2._Edit_opsec....

View solution in original post

MarioM · ‎09-22-2014

In this case you must create the local directory, then create the opsec.conf file inside this directory.

Finally you must add the domain stanza to the opsec.conf file, as detailed in the docs.

A note has been added to the doc to reflect that http://docs.splunk.com/Documentation/OPSEC-LEA/2.1/Install/ConfiguretheLEAclient#Step_2._Edit_opsec....

Splunk Add-on for Check Point OPSEC LEA Linux Configuration: Where is the local folder and opsec.conf?

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Join the Conversation

Splunk Add-on for Check Point OPSEC LEA Linux Configuration: Where is the local folder and opsec.conf?

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)