Splunk Add-on for Check Point OPSEC LEA: Why does "Manage Connections" never load and I get no data?

whoa
Explorer

I have Checkpoint R75.40 installed in a tiered format (Separate Mgt Console, FW, and GUI on different boxes). I have followed all of the documentation found here: docs.splunk.com/Documentation/OPSEC-LEA

I have "Trust Established" on the OPSEC object in Checkpoint, and have found all of the SIC_ENTITY variables per the documentation, but in the Splunk frontend GUI under Splunk > Splunk Add-on for Check Point OPSEC LEA > Manage Connections > Just to the right of that I get the spinning circle as if it's trying to load data, but it never does.

In this document: wiki.splunk.com/Community:Configure_OPSEC_LEA_input under section 1 Checkpoint FW Modification Step 2 it says to "Edit $FWDIR/conf/fwopsec.conf and add the following lines to enable the LEA service". On my mgt console in that directory there is no fwopsec.conf file so I created one and added those 2 lines. I then did the cpstop / cpstart and did a ./splunk restart.

As a sidenote I have Splunk installed on Ubuntu 14.04, but I don't think that matters as I've gotten everything installed programmatically just fine.

In var/log/splunk I've tailed conf.log / opsec.log / splunk.log, but I don't see any errors... Not sure what to do to make this work...

Please help.

hjauch_splunk
Splunk Employee

Do you by chance have FIPS mode enabled? There is a known issue with FIPS mode.

OPSEC-398 When FIPS is enabled in a distributed Splunk Enterprise environment, the Manage Connections page cannot be accessed on the search head, even after restarting the Splunk platform.

0 Karma

neelamsantosh
Path Finder

Any update or workaround?

0 Karma

tsweet_splunk
Splunk Employee

Check out this post from yesterday - I think it may be your issue:

https://answers.splunk.com/answers/389001/checkpoint-add-on-for-check-point-opsec-lea-why-is.html#co...

0 Karma

whoa
Explorer

I modified the remote.py and restarted Splunk and still no joy. In that thread, however, he said he disabled the "proxy settings". Where might those be?

0 Karma

whoa
Explorer

No answer so far. Please help.

0 Karma