I am getting the errors below when I try to make a new connection to a Check Point log server.
My opsec.log:
2015-06-25 03:25:04,408 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}
2015-06-25 03:25:27,508 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}
I went through the system requirements and installed the latest pam and glibc, but that did not resolve my issue. Not sure what I am missing.
http://docs.splunk.com/Documentation/OPSEC-LEA/3.0.0/Install/Systemrequirements
[splunk@pucu-spf-44 bin]$ /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh
unknown parameter ../certs/
CheckPoint 2001. Getting an object's certificate. Works once per certificate.
Usage: opsec_pull_cert -h host -n object-name -p passwd [-o cert_file] [-od dn_file]
-p is the one-time-password given in the SmartDashboard when defining this entity.
-o is for the output certificate file. default is "($OPSECDIR/)opsec.p12".
-od is for the output sic name (one line text file).
A relative path filename will be concatenated to OPSECDIR env variable (if exists).
Had a similar issue the other week, and was able to resolve it by installing the Check Point database after creating the SplunkLEA OPSEC app.
Did you provide the details below correctly to pull a certificate?
e.g.:
Connection name : LEA10.95.3.6
Log Server IP : 10.95.3.6
Log Server Port : 18184
Version : choose your device version
Once the certificate is pulled, it is stored under the .p12 file.
Note: If you receive an error message, this might be because you are attempting to pull the same certificate for the same Connection Name, using an invalid password or IP address, or the connection to the server is down. For additional error details, see $SPLUNK_HOME/var/log/splunk/web_service.log.
Hope you are using a heavy forwarder installed with "Splunk add-on for checkpoint OPSEC lea".
Are you able to successfully create a new connection entry in the app "Splunk add-on for checkpoint OPSEC lea"?
Provide the SIC Name & Entity SIC name correctly while you add a new connection instance. On successful creation, you will see the Last Updated column getting populated with the latest time.
Yes, heavy forwarder for sure.
This is the error when I try to create a new connection. It does not even create the connection successfully. I use "i need to get new certificates", so I am not being asked to enter the SIC Name & Entity SIC name.