Does anyone know of a good way to debug problems with the checkpoint lea client? I've been having trouble getting my configured.
Yes! you'll want to add a shell variable that calls OPSEC debugging when the lea_loggrabber client is called.
First, set the OPSEC debug level:
OPSEC_DEBUG_LEVEL=3; export OPSEC_DEBUG_LEVEL
Then run the splunk lea_loggrabber.sh script manually:
SPLUNK_HOME=/opt/splunk/ ./lea-loggrabber.sh
The debug output is very verbose so you may want to send the output to a file for splunk support to review.
If you need to dive deeper into the problem, on the Checkpoint Manager you can also enable OPSEC debugging.
% fw debug fwm on OPSEC_DEBUG_LEVEL=9
The debug file is located at $FWDIR/log/fwm.elg
To stop the FWM debug, execute:
% fw debug fwm off OPSEC_DEBUG_LEVEL=1
Yes! you'll want to add a shell variable that calls OPSEC debugging when the lea_loggrabber client is called.
First, set the OPSEC debug level:
OPSEC_DEBUG_LEVEL=3; export OPSEC_DEBUG_LEVEL
Then run the splunk lea_loggrabber.sh script manually:
SPLUNK_HOME=/opt/splunk/ ./lea-loggrabber.sh
The debug output is very verbose so you may want to send the output to a file for splunk support to review.
If you need to dive deeper into the problem, on the Checkpoint Manager you can also enable OPSEC debugging.
% fw debug fwm on OPSEC_DEBUG_LEVEL=9
The debug file is located at $FWDIR/log/fwm.elg
To stop the FWM debug, execute:
% fw debug fwm off OPSEC_DEBUG_LEVEL=1