Trying to setup the Splunk Check Point LEA App and I'm getting the following error
Fatal error: glibc detected an invalid stdio handle
./pull-cert.sh: line 7: 16098 Aborted (core dumped) $cmd
Already installed the 32bit version of glibc and pam.
Running Fedora 25
Already tried creating a sym link using ln -s for /libcpc++-libc6.1-2.so.3 in /lib
Tried normal and root user.
Permissions seems fine
Created OPSEC object
ANY ANY rule for testing between CP management and splunk
Line 7 in the pull-cert script is "$cmd"
I can't even get the --help command to work...
"./splunk pull-cert.sh --help" - Same error from above
Using the GUI, I get the following
External handler failed with code '1' and output: 'REST ERROR[400]: Bad Request - Failed to fetch the certificate from server'. See splunkd.log for stderr output.
Anyone experience this issue? Did I miss a step somewhere? Can't get past creating the certificate to proceed unfortunately. If it helps, besides the splunk documentation for Check Point LEA, I'm also using the "Step6 CheckPoint LEA Configure - (6/8)" YouTube video series.
I have the same issue. and i have a debian 9.1 as an OS. Did anyone find a proper solution regarding this ?
Hi,
I installed and configured the checkpoint opsec lea app in the past. I can tell you, I got lots of errors while doing so.
External handler failed with code '1' and output: 'REST ERROR[400]: Bad Request - Failed to fetch the certificate from server'. See splunkd.log for stderr output.
This looks more like a splunk error than an error from OPSEC.
Rebuilt Fedora... Did NOT upgrade to Fedora 24 and it magically works... I'll try upgrading to Fedora 25 once I get logs in and see what happens. No idea why it didn't work