Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Options in lea-loggrabber app

Mahieu
Communicator
‎09-22-2014 02:02 AM

Hi there,

I'm using the old lea-loggrabber app for collecting my Checkpoint logs (this one http://wiki.splunk.com/Community:Configure_OPSEC_LEA_input).
Is there a way to disable name resolution in there ?
I've seen that it's a simple option in the new Splunk Add-on for Check Point OPSEC LEA.

I might migrate to the new app but I need to work on it as I've made a few changes to my scripts to support Splunk HA.
I have two indexers in a cluster and I can't have both running the script which would mean indexing the logs twice.

Thanks in advance.

M.

Reply

duberich
New Member
‎09-22-2014 06:11 AM

You can turn off name resolution with a patched binary as referenced in http://answers.splunk.com/answers/23975/check-point-object-name-resolution.html

We usually setup a separate heavy forwarder for data collection using a pull for things like checkpoint, mcafee, sourcefire, dbcollect, etc.

Regards,
--RIch

0 Karma
Reply

Mahieu
Communicator
‎09-22-2014 07:07 AM

Looks interesting, do you know where I can get this patched version ?
Thanks in advance.

Mat

0 Karma
Reply

duberich
New Member
‎09-22-2014 07:24 AM

Should be able to get it through support.

--Rich

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...