Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Not receiving audit logs OPSEC LEA since upgraded Checkpoint FW R77 to R80.1

splunkreal
Motivator
‎09-11-2020 08:15 AM

Hello,

we don't receive audit logs anymore since upgrade from R77 to R80.1, anyone has an idea? FW logs are OK.

Should we switch to Checkpoint app for Splunkhttps://splunkbase.splunk.com/app/4293/ using Log exporter?

Thanks for your help.

Splunk Enterprise 7.3.4 / OPSEC LEA app 5.0

 

 

* If this helps, please upvote or accept solution if it solved *
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

splunkreal
Motivator
‎09-16-2020 07:03 AM

deleting /splunk/var/lib/splunk/modinputs/checkpoint_opseclea/Audit_audit then splunk restart solved the problem.

* If this helps, please upvote or accept solution if it solved *

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

splunkreal
Motivator
‎09-16-2020 07:03 AM

deleting /splunk/var/lib/splunk/modinputs/checkpoint_opseclea/Audit_audit then splunk restart solved the problem.

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...