Archive
Highlighted

Splunk Add-on for Check Point OPSEC LEA Linux Configuration: Where is the local folder and opsec.conf?

Explorer

I have got to page 31 in the documentation (configuring the LEA client using the command line) - Working off a linux HWF Server.
Step2 Edit opsec.conf
Which should be $SPLUNKHOME/etc/apps/SplunkTAopseclealinux22/local/opsec.conf
But there is no local folder and no opsec.conf.
I have checked the download and it doesn't include the local folder or the opsec.conf file.
Does anyone know why these are missing?

Highlighted

Re: Splunk Add-on for Check Point OPSEC LEA Linux Configuration: Where is the local folder and opsec.conf?

Motivator

In this case you must create the local directory, then create the opsec.conf file inside this directory.

Finally you must add the domain stanza to the opsec.conf file, as detailed in the docs.

A note has been added to the doc to reflect that http://docs.splunk.com/Documentation/OPSEC-LEA/2.1/Install/ConfiguretheLEAclient#Step_2._Edit_opsec....

View solution in original post