All Apps and Add-ons

What settings are needed to run the Splunk Add-on for Check Point OPSEC LEA in 6.4.1 on Red Hat Enterprise Linux 7?

pinVie
Path Finder

Hi,

Is anybody running the Splunk Add-on for Check Point OPSEC LEA on RHEL 7?
If so, are there special settings or the like that have to be done?

Thank you !

0 Karma
1 Solution

javiergn
Super Champion

We are.
No issues so far. I know it's not meant to be fully supported by the current version of the App (3.1.0), but it's not causing any issues.
Keep in mind it won't work with Splunk 6.4 or above.

The new release of the App is supposed to be coming out soon so RHEL 7 might be fully supported then (and also Splunk 6.4 and above).

View solution in original post

javiergn
Super Champion

We are.
No issues so far. I know it's not meant to be fully supported by the current version of the App (3.1.0), but it's not causing any issues.
Keep in mind it won't work with Splunk 6.4 or above.

The new release of the App is supposed to be coming out soon so RHEL 7 might be fully supported then (and also Splunk 6.4 and above).

pinVie
Path Finder

Thank you for this information - I installed it some minutes ago and get this error "custom:199 - cannot load specified module remote in app Splunk_TA_opseclea_linux22: /opt/splunk/lib/python2.7/site-packages/M2Crypto/__m2crypto.so: undefined symbol: SSLv2_method"

I thought that this might be related to the fact that we are using RHEL 7 but it seems that it is a different reason.

0 Karma

javiergn
Super Champion

Are you running Splunk 6.4?
If so, you need to downgrade to 6.3 because python in 6.4 doesn't work with OPSEC LEA.

This will be fixed in the next release of OPSEC LEA app

pinVie
Path Finder

Yes I am running 6.4.1.
Thank you for this hint !!!!! 🙂

0 Karma

javiergn
Super Champion

I had exactly the same problem 3 weeks ago so still fresh 😄

0 Karma

javiergn
Super Champion

By the way, if this works for you don't forget to mark it as answered so that others can benefit from it

0 Karma

pinVie
Path Finder

Done - it is working 🙂

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...