Solved: How do I find the DN of the Checkpoint log manager...

dturnbull_splun · ‎09-11-2012

In the documentation for LEA loggrabber it says I need to get the opsec_entity_sic_name however it's no longer given in the Checkpoint GUI.

How do I find out the right opsec_entity_sic_name?

dart · ‎09-11-2012

Grep through the $FWDIR/conf/objects_5_0.C file and find the log server object, then find the sic_name field within the object definition. You'll most likely have an open SSH session to the Security Management Server already, so just take advantage of that.

View solution in original post

Chubbybunny · ‎01-25-2013

Alternatively, if SSH access is unavailable, use the Check Point Database Tool application to locate it, GuiDBedit (C:\Program Files\CheckPoint\SmartConsole\R75.40\PROGRAM\GuiDBedit.exe)

Expand the Network Objects branch.
Select the network_objects table.
Select the desired object by either scrolling down the list of Field Names to find the sic_name field near the end of the list, or by searching for the sic_name field. Enter the sic_name value in the OPSEC client configuration. For example, CN=cp_mgmt_HareServer,O=Chubbybunny..n55nc3

dart · ‎09-11-2012

Grep through the $FWDIR/conf/objects_5_0.C file and find the log server object, then find the sic_name field within the object definition. You'll most likely have an open SSH session to the Security Management Server already, so just take advantage of that.

dart · ‎04-12-2013

A likely default will be of the form : CN=cp_mgmt,O=org..a12bc3

How do I find the DN of the Checkpoint log manager object in Checkpoint R75.40?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation