All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Configuration of Checkpoint logs and Splunk

kellywilson
Engager
‎03-28-2014 10:24 AM

Hello everyone! I am new to this site as well as Splunk.

I am having a bit of trouble understanding the connection between CP logs and Splunk. We would like to pull those logs into Splunk. As of now, we have a windows (2K8R2) server with the latest version of Splunk enterprise installed, and a Centos 6.5 Linux server with the latest version of splunk installed on it as well. The documentation does a decent job of explaining how to get Splunk onto those particular machines, but not the process in which to import or grab those logs from Checkpoint. I’m confused as to whether or not I need to install the LEA add-on on the linux machine, the CP management server or the windows box, or all of them. Any direction as to how this architecture should look would help tremendously.

Thank you!

Reply
1 Solution
Solved! Jump to solution
Solution

dmaislin_splunk
Splunk Employee
Splunk Employee
‎03-31-2014 06:43 AM

Yes. The app, http://apps.splunk.com/app/1454 would be installed on the Linux machine AND on the Indexer running Splunk Enterprise. The Linux machine should be a full Splunk instance (Heavy Forwarder) that is setup to forward the collected logs from this instance to the Splunk Indexer you have installed on Windows. The add-on needs to be installed on the Indexer to take advantage of field extractions, lookups, and index-time knowledge in the package.

View solution in original post

Reply
Solved! Jump to solution
Solution

dmaislin_splunk
Splunk Employee
Splunk Employee
‎03-31-2014 06:43 AM

Yes. The app, http://apps.splunk.com/app/1454 would be installed on the Linux machine AND on the Indexer running Splunk Enterprise. The Linux machine should be a full Splunk instance (Heavy Forwarder) that is setup to forward the collected logs from this instance to the Splunk Indexer you have installed on Windows. The add-on needs to be installed on the Indexer to take advantage of field extractions, lookups, and index-time knowledge in the package.

Reply
Solved! Jump to solution

dmaislin_splunk
Splunk Employee
Splunk Employee
‎05-07-2014 10:22 AM

Fantastic!

0 Karma
Reply
Solved! Jump to solution

araitz
Splunk Employee
Splunk Employee
‎05-07-2014 10:16 AM

Great to hear!

0 Karma
Reply
Solved! Jump to solution

kellywilson
Engager
‎05-07-2014 09:50 AM

Thank you! we have it setup that way exactly and it working like a charm!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...