Hello,
Is there a way I can configure the lea-loggrabber-splunk to collect Checkpoint's audit log (audit.log), instead of the default collection of the traffic log (fw1.log)?
I am using the lea-loggrabber...
...ine parameter (--noresolve), but I can't get it to run successfully (http://www.sourcefiles.org/Miscellaneous/fw1-loggrabber-1.9.2.tar.gz.shtml)
Anyone done this?
...pps/Splunk_TA_opseclea_linux22/bin/fw1-loggrabber.conf.
For example, I add FW1_FILTER_RULE="action!=accept"
But I think it doesn't work, because when I try a new search with Splunk, I have a lot of n...
Hi,
We are migrating away from LogLogic to Splunk for log management. We have a requirement to get the feed from checkpoint Opsec feed in real-time. Does anyone know of any tool (splunk or otherwi...
...etween the fields. I know this was an option with the fw1-loggrabber application but it has been stated that this program has stability issues.
So can you please add an option to the l...
Hi there.
While adding Checkpoint logs to a new Splunk installation (6.1.1) with the OPSEC addon (version 2.1.0) I noticed that Splunk seems to ignore the date from the logs, and only use the time....
Hi
I'm using this app and I have some trouble reducing the indexed volume.
I will reduce the flow by selecting only some fields:
I modified the file fw1-loggrabber.conf:
FIELDS="t...
...onfiguration file is: /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/fw1-loggrabber.conf
DEBUG: function logging_init_env
DEBUG: function open_screen
DEBUG: Open connection to screen.
D...