Hello
I am trying to integrate Checkpoint logs into Splunk using the OPSEC LEA modular input/TA. I notice the error below after configuring the connections and inputs:
2018-05-20 05:53:33,998 +0000 log_level=ERROR, pid=xxxx, tid=Thread-61667, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="name" connection="connecitonname" data="xxx"]log_level=0 file:lea_loggrabber.cpp func_name:check_session_end_reason code_line_no:1056 :ERROR: Session end reason: SIC ERROR 147 - SIC Error for lea: Authentication error
I see this error for each of the inputs that is configured.
The setup is:
-- 1 Primary checkpoint Manager
-- 1 Secondary checkpoint Manager
-- 1 reporter manager server
-- multiple gateways
So I presume the certificate should be pulled from the primary manager, and the logs as well, since the manager deals with all the gateways. I did pull the certificate from the primary manager and configured connections.conf for the manager, but the above is the error I see. I couldn't figure out the issue yet. 😞
Did anyone test the Checkpoint OPSEC LEA for Splunk over a distributed architecture that has a manager handling gateways and a reporter server?
I would be glad if anyone can help me on this.
Thanks
Surya Teja