Re: Checkpoint OPSEC LEA add-on - deployment on cl...

oferprtz · ‎05-18-2014

Hi all,

I've distrbuted add-on Checkpoint OPSEC LEA ADD-ON via 'distrube bundle' from master node.
the bundle was distributed correctly all files into the desired clustered indexers but the add-on failed to launch/start.

inside the splunkd.log file i can see the following error:
05-18-2014 11:36:19.609 +0000 ERROR AdminManager - Could not setup handler 'opsec_conf' due to missing file 'rest_opsec_conf.py'. Please ensure that it is in the bin subdirectory of the appropriate Splunk app path.

I've succeeded to deploy the same app to my forwarders nodes from the 'forwarder management' as a app and it works ok.
the only different between the forwarders and the indexers installation is that the forwarders installation path is: /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22
and in the indexers is: /opt/splunk/etc/slave-apps/Splunk_TA_opseclea_linux22

it could be that the app itself doesnt support different installation path?
if so, how can i overcome this?

thanks,
ofer.

rroussev_splunk · ‎05-20-2014

We haven't seen this issue before. Could you contact splunk support for help? They might ask you for a more detailed layout of the apps directories (as per http://docs.splunk.com/Documentation/Splunk/latest/Indexer/Updatepeerconfigurations).

oferprtz · ‎05-20-2014

Thanks, will do.

Checkpoint OPSEC LEA add-on - deployment on clustered indexers failed

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!