Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Options in lea-loggrabber app

Mahieu
Communicator
‎09-22-2014 02:02 AM

Hi there,

I'm using the old lea-loggrabber app for collecting my Checkpoint logs (this one http://wiki.splunk.com/Community:Configure_OPSEC_LEA_input).
Is there a way to disable name resolution in there ?
I've seen that it's a simple option in the new Splunk Add-on for Check Point OPSEC LEA.

I might migrate to the new app but I need to work on it as I've made a few changes to my scripts to support Splunk HA.
I have two indexers in a cluster and I can't have both running the script which would mean indexing the logs twice.

Thanks in advance.

M.

Reply

duberich
New Member
‎09-22-2014 06:11 AM

You can turn off name resolution with a patched binary as referenced in http://answers.splunk.com/answers/23975/check-point-object-name-resolution.html

We usually setup a separate heavy forwarder for data collection using a pull for things like checkpoint, mcafee, sourcefire, dbcollect, etc.

Regards,
--RIch

0 Karma
Reply

Mahieu
Communicator
‎09-22-2014 07:07 AM

Looks interesting, do you know where I can get this patched version ?
Thanks in advance.

Mat

0 Karma
Reply

duberich
New Member
‎09-22-2014 07:24 AM

Should be able to get it through support.

--Rich

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...