Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I debug my lea client for checkpoint?

jbsplunk
Splunk Employee
Splunk Employee
‎11-08-2011 09:57 AM

Does anyone know of a good way to debug problems with the checkpoint lea client? I've been having trouble getting my configured.

Reply
1 Solution
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎11-08-2011 10:21 AM

Yes! you'll want to add a shell variable that calls OPSEC debugging when the lea_loggrabber client is called.
First, set the OPSEC debug level:

OPSEC_DEBUG_LEVEL=3; export OPSEC_DEBUG_LEVEL

Then run the splunk lea_loggrabber.sh script manually:

SPLUNK_HOME=/opt/splunk/ ./lea-loggrabber.sh

The debug output is very verbose so you may want to send the output to a file for splunk support to review.

If you need to dive deeper into the problem, on the Checkpoint Manager you can also enable OPSEC debugging.

% fw debug fwm on OPSEC_DEBUG_LEVEL=9

The debug file is located at $FWDIR/log/fwm.elg

To stop the FWM debug, execute:

% fw debug fwm off OPSEC_DEBUG_LEVEL=1

View solution in original post

Reply
Solved! Jump to solution
Solution

Chubbybunny
Splunk Employee
Splunk Employee
‎11-08-2011 10:21 AM

Yes! you'll want to add a shell variable that calls OPSEC debugging when the lea_loggrabber client is called.
First, set the OPSEC debug level:

OPSEC_DEBUG_LEVEL=3; export OPSEC_DEBUG_LEVEL

Then run the splunk lea_loggrabber.sh script manually:

SPLUNK_HOME=/opt/splunk/ ./lea-loggrabber.sh

The debug output is very verbose so you may want to send the output to a file for splunk support to review.

If you need to dive deeper into the problem, on the Checkpoint Manager you can also enable OPSEC debugging.

% fw debug fwm on OPSEC_DEBUG_LEVEL=9

The debug file is located at $FWDIR/log/fwm.elg

To stop the FWM debug, execute:

% fw debug fwm off OPSEC_DEBUG_LEVEL=1
Reply
Get Updates on the Splunk Community!

Digital Resilience Assessment Launch | How prepared are you for disruption?

Disruption is inevitable. The question is – how prepared are you to handle it? In today’s fast-moving digital ...

Buttercup Games: Further Dashboarding Techniques (Part 2)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Index This | What is the next number in the series? 7,645 5,764 4,576…

February 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...