Splunk Search

Splunk Add-on for Check Point OPSEC LEA Linux: Why am I getting error "Client could not choose an authentication method for service lea"?

rodrigorsilva
Communicator

Hello everyone,

I'm trying to set up a manage CheckPoint OPSEC performed using the procedure as the documentation:

http://docs.splunk.com/Documentation/OPSEC-LEA/2.1.1/Install/ConfiguretheLEAclient#Configure_using_t...

This time to run tests with the add-on:

/opt/splunk/bin/splunk cmd /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber-debug.sh

I get the following message:

DEBUG: OPSEC_SESSION_END_HANDLER called
ERROR: SIC ERROR 119 - SIC Error for lea: Client could not choose an authentication method for service lea

Would anyone have a clue what I might be missing?

Thanks to all

Rodrigo Ribeiro

1 Solution

Chubbybunny
Splunk Employee
Splunk Employee

can you post your opsec_entity_sic_name and opsec_sic_name details in opsec.conf?
SIC 119 is generally caused by misconfigured settings in this file.

View solution in original post

Chubbybunny
Splunk Employee
Splunk Employee

can you post your opsec_entity_sic_name and opsec_sic_name details in opsec.conf?
SIC 119 is generally caused by misconfigured settings in this file.

rodrigorsilva
Communicator

It worked, the file you indicated has a parameter:

opsec_sslca_file = ../certs/SplunkLEA.p12

When I ran the push the files were stored in:

/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/opsec-tools

Basically moved the files to the location pointed to:

[root@LABO2 opsec-tools]# pwd
/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/opsec-tools
[root@LABO2 opsec-tools]# cp *.p12 ../certs/

In a way your tip led me to the exact point, thank you.

Rodrigo Ribeiro

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...