Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

LEA Client don't connect to Check Point OPSEC LEA Server

idiota
Loves-to-Learn Lots
‎08-01-2014 01:10 AM

Hello all,

I try to create connection from LEA client to Check Point OPSEC LEA Server,

Connection Details > Certificate > SID Details
Select "I need to get a new certficate"
Lea App Name : SplunkLEA
One-time Password : 123456
Management Server : 192.168.1.10

After click "Next", received "Server error".

I check $SPLUNK_HOME/var/log/splunk/web_service.log , find the error:
2014-08-01 15:28:04,982 ERROR [53db4184f97f51ec320810] :522 - params: {'model': u'{"opsec_host":"192.168.1.10","conn_name":"Splunk","opsec_app_name":"SplunkLEA","opsec_key":"123456"}'}
2014-08-01 15:28:05,325 ERROR [53db4185517f51ec320b10] :522 - params: {'model': u'{"opsec_host":"192.168.1.10","conn_name":"Splunk","opsec_app_name":"SplunkLEA","opsec_key":"123456"}'}

Does anyone meet the problem?

Thanks for your help.

Tao

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎08-01-2014 09:18 AM

I ran into the same problem and found that our Operating System was missing the required PAM shared libraries and GNU C library to execute the 'opsec pull cert' command located in: $SPLUNK_home/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh

To resolve the issue, simply install the following packages as mentioned in the following doc:
http://docs.splunk.com/Documentation/OPSEC-LEA/latest/Install/Systemrequirements

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎08-01-2014 09:18 AM

I ran into the same problem and found that our Operating System was missing the required PAM shared libraries and GNU C library to execute the 'opsec pull cert' command located in: $SPLUNK_home/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh

To resolve the issue, simply install the following packages as mentioned in the following doc:
http://docs.splunk.com/Documentation/OPSEC-LEA/latest/Install/Systemrequirements

0 Karma
Reply
Solved! Jump to solution

d646800
Explorer
‎06-24-2015 08:50 PM

i am facing the same issue even though i have installed the latest glibc and pam. I am quite sure i did it right because when I ran /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh, theer was an error . but now all i got is

[splunk@pucu-spf-44 bin]$ /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh
unknown parameter ../certs/

CheckPoint 2001. Getting an object's certificate. Works once per certificate.

Usage: opsec_pull_cert -h host -n object-name -p passwd [-o cert_file] [-od dn_file]
-p is the one-time-password given in the SmartDashboard when defining this entity.
-o is for the output certificate file. default is "($OPSECDIR/)opsec.p12".
-od is for the output sic name (one line text file).
A relative path filename will be concatenated to OPSECDIR env variable (if exists).

and in ** opsec.log** still the same
2015-06-25 03:25:04,408 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}
2015-06-25 03:25:27,508 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}

0 Karma
Reply
Solved! Jump to solution

idiota
Loves-to-Learn Lots
‎08-04-2014 08:14 PM

Thanks, afer install pam.i686 and glibc.i686 , connect to smartcenter is ok.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...