Security

How can I debug my lea client for checkpoint?

jbsplunk
Splunk Employee
Splunk Employee

Does anyone know of a good way to debug problems with the checkpoint lea client? I've been having trouble getting my configured.

1 Solution

Chubbybunny
Splunk Employee
Splunk Employee

Yes! you'll want to add a shell variable that calls OPSEC debugging when the lea_loggrabber client is called.
First, set the OPSEC debug level:

OPSEC_DEBUG_LEVEL=3; export OPSEC_DEBUG_LEVEL

Then run the splunk lea_loggrabber.sh script manually:

SPLUNK_HOME=/opt/splunk/ ./lea-loggrabber.sh 

The debug output is very verbose so you may want to send the output to a file for splunk support to review.

If you need to dive deeper into the problem, on the Checkpoint Manager you can also enable OPSEC debugging.

% fw debug fwm on OPSEC_DEBUG_LEVEL=9

The debug file is located at $FWDIR/log/fwm.elg

To stop the FWM debug, execute:

% fw debug fwm off OPSEC_DEBUG_LEVEL=1

View solution in original post

Chubbybunny
Splunk Employee
Splunk Employee

Yes! you'll want to add a shell variable that calls OPSEC debugging when the lea_loggrabber client is called.
First, set the OPSEC debug level:

OPSEC_DEBUG_LEVEL=3; export OPSEC_DEBUG_LEVEL

Then run the splunk lea_loggrabber.sh script manually:

SPLUNK_HOME=/opt/splunk/ ./lea-loggrabber.sh 

The debug output is very verbose so you may want to send the output to a file for splunk support to review.

If you need to dive deeper into the problem, on the Checkpoint Manager you can also enable OPSEC debugging.

% fw debug fwm on OPSEC_DEBUG_LEVEL=9

The debug file is located at $FWDIR/log/fwm.elg

To stop the FWM debug, execute:

% fw debug fwm off OPSEC_DEBUG_LEVEL=1
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...