We installed OPSEC LEA on RedHat to connect to CheckPoint 75.40. The app is enabled and connected. CheckPoint shows that trust is established, but Splunk shows "waiting for data" instead of showing it as a datasource.
When running lea-loggrabber.sh (with credential) in debug 3 mode, I saw the following errors:
DEBUG: OPSEC_SESSION_END_HANDLER called
ERROR: SIC ERROR 119 - SIC Error for ssl_opsec: Client could not choose an authentication method for service ssl_opsec
When manually running lea_loggrabber (with the SPLUNK_HOME variable set), after I log in, I see:
splunkd request failed, 404:
$SPLUNK_HOME/bin/splunk _internal call /servicesNS/nobody/splunk_opseclea/opsec/log_status/1@
QUERYING: 'https://127.0.0.1:8089/servicesNS/nobody/splunk_opseclea/opsec/log_status/1@'
FAILED: 'HTTP/1.1 404 Not Found'
In handler 'log_status': Could not find object id=1@
The splunkd.log shows the following:
ERROR ExecProcessor - message from "/opt/splunk/etc/apps/splunk_opseclea/bin/lea-loggrabber.sh --configentity CheckPoint"
The opsec-entity-health.conf file shows is_connected = 0, so I assume that something is wrong with the connection.
Anyone know how to solve the problem?