
Splunk Add-on for Check Point OPSEC LEA 3.1.0: Is the firewall version R77.30 supported?

Cris
Explorer

Hi everyone,

I've installed the Splunk Add-on for Checkpoint OPSEC LEA v.3.1.0 on Splunk Enterprise v.6.2.4.
The version of the firewall is R77.30, but in the requirements I can see the upper version indicated is R77.

Does anyone know if version R77.30 is also supported?

On the opsec_watchdog.log file I always have these three lines:

2015-08-07 15:48:51,821 INFO 22457 140600047077184 Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', '--appname', 'Splunk_TA_opseclea_linux22']
2015-08-07 15:48:53,073 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:54,074 INFO 22457 140600047077184 process crashed (1), restarting
0 Karma
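The three watchdog lines above show the pattern a collector crash loop leaves behind: the watchdog starts lea_loggrabber, the child exits with code 1, and the watchdog restarts it, so the add-on looks alive while no Check Point logs reach Splunk. The following is an added example (not code from the add-on or from anyone in this thread) that parses opsec_watchdog.log lines and flags such a loop. It assumes the line layout seen above (timestamp, level, pid, thread id, message); the first three sample lines are copied from the post and the remaining ones are constructed to show repeated restarts.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, Optional

# Assumed layout of an opsec_watchdog.log line, based on the three lines in
# the post: "<timestamp> <LEVEL> <pid> <thread-id> <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z]+) (?P<pid>\d+) (?P<tid>\d+) (?P<msg>.*)$"
)
# Message the watchdog writes when it restarts a crashed lea_loggrabber.
CRASH_RE = re.compile(r"process crashed \((?P<code>-?\d+)\), restarting")

# Constructed sample: lines 1-3 are from the post; the rest repeat the cycle
# a few seconds apart, which is what a continuously restarting grabber produces.
SAMPLE_LOG = """\
2015-08-07 15:48:51,821 INFO 22457 140600047077184 Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', '--appname', 'Splunk_TA_opseclea_linux22']
2015-08-07 15:48:53,073 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:54,074 INFO 22457 140600047077184 process crashed (1), restarting
2015-08-07 15:48:54,080 INFO 22457 140600047077184 Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', '--appname', 'Splunk_TA_opseclea_linux22']
2015-08-07 15:48:55,310 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:56,311 INFO 22457 140600047077184 process crashed (1), restarting
2015-08-07 15:48:56,320 INFO 22457 140600047077184 Starting exec: ['./lea_loggrabber', '--configentity', 'SplunkLEA', '--appname', 'Splunk_TA_opseclea_linux22']
2015-08-07 15:48:57,500 INFO 22457 140600047077184 got ret code 1
2015-08-07 15:48:58,501 INFO 22457 140600047077184 process crashed (1), restarting
"""


@dataclass
class Event:
    ts: datetime
    level: str
    pid: int
    msg: str


def parse_line(line: str) -> Optional[Event]:
    """Parse one watchdog line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S,%f")
    return Event(ts, m.group("level"), int(m.group("pid")), m.group("msg"))


def summarize(lines: Iterable[str],
              window: timedelta = timedelta(seconds=60),
              threshold: int = 3) -> dict:
    """Count crash/restart events and flag a loop when at least `threshold`
    crashes fall inside any sliding window of length `window`."""
    events = [e for e in map(parse_line, lines) if e]
    crashes = [e for e in events if CRASH_RE.search(e.msg)]
    exit_codes = Counter(int(CRASH_RE.search(e.msg).group("code")) for e in crashes)

    loop = False
    start = 0
    for end, ev in enumerate(crashes):
        # Slide the window start forward until it fits within `window`.
        while ev.ts - crashes[start].ts > window:
            start += 1
        if end - start + 1 >= threshold:
            loop = True
            break

    return {
        "parsed": len(events),
        "crashes": len(crashes),
        "exit_codes": dict(exit_codes),
        "crash_loop": loop,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    print(report)
    if report["crash_loop"]:
        print("lea_loggrabber is restarting continuously: no firewall logs are being collected")
```

Point the script at the real opsec_watchdog.log (or run it as a scripted input) and alert on `crash_loop`; the `exit_codes` tally tells you whether every restart fails the same way, as in this thread where the return code is always 1.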

mikelanghorst
Motivator

The response I've gotten is that 77.30 is not supported, and I've gotten no response as to when it may be supported.

0 Karma

keithyap
Path Finder

Were you able to solve this issue?

0 Karma

ashokqos
Path Finder

I also had issues running LEA version 3.1.0 on CentOS. As far as I can understand, the problem is not with Check Point R77.30 but between LEA 3.1.0 and CentOS. I use LEA 2.10 and it works perfectly with my R77.30.

0 Karma

mikelanghorst
Motivator

Where did you get the LEA 2.10?

Could you provide more details, was it the full 2.10 app you're using?

0 Karma

ashokqos
Path Finder

I downloaded the 2.10 version well before 3.10 was released. If you want, I can share it. Please mail me at splunk@qos.co.in
For me, 2.10 and R77.30 are working perfectly on CentOS 6.4 (64-bit). I have provided a step-by-step method on my blog.

https://qostechnology.wordpress.com/2015/04/29/integration-of-splunk-with-checkpoint-managementlog-s...

Here are some details of my setup. As you can see, the connection on port 18184 is established by LEA client 2.10.
[root@centos ~]# more /etc/redhat-release
CentOS release 6.4 (Final)
[root@centos ~]# uname -a
Linux centos 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@centos ~]# netstat -na | grep 18184
tcp 0 0 192.168.10.28:58978 192.168.10.253:18184 ESTABLISHED
[root@centos ~]#

0 Karma

mreynov_splunk
Splunk Employee

This might have been due to lack of 64-bit support of the LEA cert.

0 Karma

mreynov_splunk
Splunk Employee

I believe it should be supported, the differences between base 77 and 77.3 should not be disruptive. This is a separate issue. What OS are you running this on?

0 Karma

mikelanghorst
Motivator

Officially, no, 77.30 is not supported, and my case regarding issues on 77.30 was closed as such.

0 Karma

Cris
Explorer

Linux CentOS 7

0 Karma