All Apps and Add-ons

What kind of input is CheckPoint Opsec Lea considered?

Path Finder

We are seeing events being dropped at the forwarder. Can persistent queues be used for this connector? Trying to figure out the type of input to determine if persistent queues can be used.

0 Karma


According to the documentation Persistent queues are available for these input types:

Scripted inputs
Windows Event Log inputs

I believe this application uses a modular input, and therefore not a persistent queue.

However what would the persistent queue be used for in this case? This application polls a checkpoint firewall to obtain data, and records it's progress in a checkpoint file as documented here
Therefore I don't see why you would want a persistent queue, the application will poll the firewall for data based on what data it last sent to Splunk...

Alerts for Splunk Admins
Version Control for Splunk
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!