Solved: Splunk Add-on for Check Point OPSEC LEA Linux Conf...

a599korg · ‎09-16-2014

I have got to page 31 in the documentation (configuring the LEA client using the command line) - Working off a linux HWF Server.
Step2 Edit opsec.conf
Which should be $SPLUNK_HOME/etc/apps/Splunk_TA_opseclea_linux22/local/opsec.conf
But there is no local folder and no opsec.conf.
I have checked the download and it doesn't include the local folder or the opsec.conf file.
Does anyone know why these are missing?

MarioM · ‎09-22-2014

In this case you must create the local directory, then create the opsec.conf file inside this directory.

Finally you must add the domain stanza to the opsec.conf file, as detailed in the docs.

A note has been added to the doc to reflect that http://docs.splunk.com/Documentation/OPSEC-LEA/2.1/Install/ConfiguretheLEAclient#Step_2._Edit_opsec....

View solution in original post

MarioM · ‎09-22-2014

In this case you must create the local directory, then create the opsec.conf file inside this directory.

Finally you must add the domain stanza to the opsec.conf file, as detailed in the docs.

A note has been added to the doc to reflect that http://docs.splunk.com/Documentation/OPSEC-LEA/2.1/Install/ConfiguretheLEAclient#Step_2._Edit_opsec....

Splunk Add-on for Check Point OPSEC LEA Linux Configuration: Where is the local folder and opsec.conf?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation