Splunk Add-on for Check Point OPSEC LEA: Why does "Manage Connections" never load and I get no data?

whoa
Explorer

I have Checkpoint R75.40 installed in a tiered format (Separate Mgt Console, FW, and GUI on different boxes). I have followed all of the documentation found here: docs.splunk.com/Documentation/OPSEC-LEA

I have "Trust Established" on the OPSEC object in Checkpoint, and have found all of the SIC_ENTITY variables per the documentation, but in the Splunk frontend GUI under Splunk > Splunk Add-on for Check Point OPSEC LEA > Manage Connections > Just to the right of that I get the spinning circle as if it's trying to load data, but it never does.

In this document: wiki.splunk.com/Community:Configure_OPSEC_LEA_input under section 1 Checkpoint FW Modification Step 2 it says to "Edit $FWDIR/conf/fwopsec.conf and add the following lines to enable the LEA service". On my mgt console in that directory there is no fwopsec.conf file so I created one and added those 2 lines. I then did the cpstop / cpstart and did a ./splunk restart

As a sidenote I have Splunk installed on Ubuntu 14.04, but I don't think that matters as I've gotten everything installed programmatically just fine.

In var/log/splunk I've tailed conf.log / opsec.log / splunk.log, but I don't see any errors... Not sure what to do to make this work...

Please help.

hjauch_splunk
Splunk Employee

Do you by chance have FIPS mode enabled? There is a known issue with FIPS mode.

OPSEC-398: When FIPS is enabled in a distributed Splunk Enterprise environment, the Manage Connections page cannot be accessed on the search head, even after restarting the Splunk platform.

0 Karma

neelamsantosh
Path Finder

Any update or workaround?

0 Karma

tsweet_splunk
Splunk Employee

Check out this post from yesterday - I think it may be your issue:

https://answers.splunk.com/answers/389001/checkpoint-add-on-for-check-point-opsec-lea-why-is.html#co...

0 Karma

whoa
Explorer

I modified the remote.py and restarted Splunk and still no joy. In that thread, however, he said he disabled the "proxy settings". Where might those be?

0 Karma

whoa
Explorer

No answer so far. Please help.

0 Karma