Can anyone assist? We recently upgraded Linux to the latest version of patches, and as a result the Splunk Add-on for Check Point OPSEC LEA appears to have broken.
We have re-installed the app and triple-checked the configs, and there are no errors or warnings to suggest why it's not working, but the logs suggest there are 0 events. Can anyone give us an idea what could be preventing the app pulling the logs? (We have disabled the local firewall completely.)
2018-09-05 13:34:11,487 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=102 | [input_name="CONTFW01_SmartDefense" data="smartdefense"] Start indexing data for CONTFW01_SmartDefense_smartdefense
2018-09-05 13:34:11,487 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=ta_data_collector.py, func_name=index_data, code_line_no=102 | [input_name="CONTFW01_Firewall" data="fw"] Start indexing data for CONTFW01_Firewall_fw
2018-09-05 13:34:11,487 +0000 log_level=INFO, pid=15591, tid=Thread-2, file=scheduler.py, func_name=get_ready_jobs, code_line_no=100 | Get 2 ready jobs, next duration is 59.999459, and there are 2 jobs scheduling
2018-09-05 13:34:11,488 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=ta_opseclea_data_collector.py, func_name=start_lea_loggrabber, code_line_no=337 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data fw --debug_level 2 --appname Splunk_TA_checkpoint-opseclea --lea_server_ip 172.18.0.1 --lea_server_auth_port 18184 --lea_server_auth_type ssl_opsec --opsec_sslca_file /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/certs/checpointfw.p12 --opsec_sic_name CN=ABF-SplunkLEA,O=CONTFW01.domain.local.erh35p --opsec_entity_sic_name CN=internal_ca,O=CONTFW01.domain.local.erh35p --filter product=VPN-1 & FireWall-1 --last_record_location 1528930800:11950265 --online --no_resolve
2018-09-05 13:34:11,489 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=ta_opseclea_data_collector.py, func_name=start_lea_loggrabber, code_line_no=337 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data smartdefense --debug_level 2 --appname Splunk_TA_checkpoint-opseclea --lea_server_ip 172.18.0.1 --lea_server_auth_port 18184 --lea_server_auth_type ssl_opsec --opsec_sslca_file /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/certs/checpointfw.p12 --opsec_sic_name CN=ABF-SplunkLEA,O=CONTFW01.domain.local.erh35p --opsec_entity_sic_name CN=internal_ca,O=CONTFW01.domain.local.erh35p --filter product=SmartDefense --online --no_resolve
2018-09-05 13:34:11,496 +0000 log_level=INFO, pid=15591, tid=Thread-25, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2535 :INFO: Successfully initialize client/server-pair
2018-09-05 13:34:11,496 +0000 log_level=INFO, pid=15591, tid=Thread-25, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2506 :INFO: Successfully create opsec environment
2018-09-05 13:34:11,499 +0000 log_level=INFO, pid=15591, tid=Thread-27, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2535 :INFO: Successfully initialize client/server-pair
2018-09-05 13:34:11,499 +0000 log_level=INFO, pid=15591, tid=Thread-27, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2506 :INFO: Successfully create opsec environment
2018-09-05 13:34:11,503 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=ta_opseclea_data_collector.py, func_name=get_contents, code_line_no=392 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Successfully indexed events: 0
2018-09-05 13:34:11,505 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=ta_opseclea_data_collector.py, func_name=get_contents, code_line_no=392 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"] Successfully indexed events: 0
2018-09-05 13:34:11,993 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=thread_pool.py, func_name=_run, code_line_no=261 | Thread work_queue_size=0
2018-09-05 13:34:11,993 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=ta_data_collector.py, func_name=index_data, code_line_no=119 | [input_name="CONTFW01_Firewall" data="fw"] End of indexing data for CONTFW01_Firewall_fw
2018-09-05 13:34:11,995 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=thread_pool.py, func_name=_run, code_line_no=261 | Thread work_queue_size=0
2018-09-05 13:34:11,995 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=119 | [input_name="CONTFW01_SmartDefense" data="smartdefense"] End of indexing data for CONTFW01_SmartDefense_smartdefense
2018-09-05 13:35:11,487 +0000 log_level=INFO, pid=15591, tid=Thread-7, file=ta_data_collector.py, func_name=index_data, code_line_no=102 | [input_name="CONTFW01_Firewall" data="fw"] Start indexing data for CONTFW01_Firewall_fw
2018-09-05 13:35:11,487 +0000 log_level=INFO, pid=15591, tid=Thread-2, file=scheduler.py, func_name=get_ready_jobs, code_line_no=100 | Get 2 ready jobs, next duration is 59.999522, and there are 2 jobs scheduling
2018-09-05 13:35:11,488 +0000 log_level=INFO, pid=15591, tid=Thread-7, file=ta_opseclea_data_collector.py, func_name=start_lea_loggrabber, code_line_no=337 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data fw --debug_level 2 --appname Splunk_TA_checkpoint-opseclea --lea_server_ip 172.18.0.1 --lea_server_auth_port 18184 --lea_server_auth_type ssl_opsec --opsec_sslca_file /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/certs/checpointfw.p12 --opsec_sic_name CN=ABF-SplunkLEA,O=CONTFW01.domain.local.erh35p --opsec_entity_sic_name CN=internal_ca,O=CONTFW01.domain.local.erh35p --filter product=VPN-1 & FireWall-1 --last_record_location 1528930800:11950265 --online --no_resolve
2018-09-05 13:35:11,488 +0000 log_level=INFO, pid=15591, tid=Thread-6, file=ta_data_collector.py, func_name=index_data, code_line_no=102 | [input_name="CONTFW01_SmartDefense" data="smartdefense"] Start indexing data for CONTFW01_SmartDefense_smartdefense
2018-09-05 13:35:11,491 +0000 log_level=INFO, pid=15591, tid=Thread-6, file=ta_opseclea_data_collector.py, func_name=start_lea_loggrabber, code_line_no=337 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data smartdefense --debug_level 2 --appname Splunk_TA_checkpoint-opseclea --lea_server_ip 172.18.0.1 --lea_server_auth_port 18184 --lea_server_auth_type ssl_opsec --opsec_sslca_file /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/certs/checpointfw.p12 --opsec_sic_name CN=ABF-SplunkLEA,O=CONTFW01.domain.local.erh35p --opsec_entity_sic_name CN=internal_ca,O=CONTFW01.domain.local.erh35p --filter product=SmartDefense --online --no_resolve
2018-09-05 13:35:11,496 +0000 log_level=INFO, pid=15591, tid=Thread-29, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2535 :INFO: Successfully initialize client/server-pair
2018-09-05 13:35:11,496 +0000 log_level=INFO, pid=15591, tid=Thread-29, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2506 :INFO: Successfully create opsec environment
2018-09-05 13:35:11,498 +0000 log_level=INFO, pid=15591, tid=Thread-31, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2506 :INFO: Successfully create opsec environment
2018-09-05 13:35:11,499 +0000 log_level=INFO, pid=15591, tid=Thread-31, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2535 :INFO: Successfully initialize client/server-pair
2018-09-05 13:35:11,504 +0000 log_level=INFO, pid=15591, tid=Thread-7, file=ta_opseclea_data_collector.py, func_name=get_contents, code_line_no=392 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Successfully indexed events: 0
2018-09-05 13:35:11,516 +0000 log_level=INFO, pid=15591, tid=Thread-6, file=ta_opseclea_data_collector.py, func_name=get_contents, code_line_no=392 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"] Successfully indexed events: 0
2018-09-05 13:35:11,994 +0000 log_level=INFO, pid=15591, tid=Thread-6, file=ta_data_collector.py, func_name=index_data, code_line_no=119 | [input_name="CONTFW01_SmartDefense" data="smartdefense"] End of indexing data for CONTFW01_SmartDefense_smartdefense
2018-09-05 13:35:11,994 +0000 log_level=INFO, pid=15591, tid=Thread-7, file=thread_pool.py, func_name=_run, code_line_no=261 | Thread work_queue_size=0
2018-09-05 13:35:11,994 +0000 log_level=INFO, pid=15591, tid=Thread-7, file=ta_data_collector.py, func_name=index_data, code_line_no=119 | [input_name="CONTFW01_Firewall" data="fw"] End of indexing data for CONTFW01_Firewall_fw
2018-09-05 13:35:11,995 +0000 log_level=INFO, pid=15591, tid=Thread-6, file=thread_pool.py, func_name=_run, code_line_no=261 | Thread work_queue_size=0
2018-09-05 13:36:11,487 +0000 log_level=INFO, pid=15591, tid=Thread-2, file=scheduler.py, func_name=get_ready_jobs, code_line_no=100 | Get 2 ready jobs, next duration is 59.998939, and there are 2 jobs scheduling
2018-09-05 13:36:11,488 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=ta_opseclea_data_collector.py, func_name=start_lea_loggrabber, code_line_no=337 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data fw --debug_level 2 --appname Splunk_TA_checkpoint-opseclea --lea_server_ip 172.18.0.1 --lea_server_auth_port 18184 --lea_server_auth_type ssl_opsec --opsec_sslca_file /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/certs/checpointfw.p12 --opsec_sic_name CN=ABF-SplunkLEA,O=CONTFW01.domain.local.erh35p --opsec_entity_sic_name CN=internal_ca,O=CONTFW01.domain.local.erh35p --filter product=VPN-1 & FireWall-1 --last_record_location 1528930800:11950265 --online --no_resolve
2018-09-05 13:36:11,488 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=ta_data_collector.py, func_name=index_data, code_line_no=102 | [input_name="CONTFW01_Firewall" data="fw"] Start indexing data for CONTFW01_Firewall_fw
2018-09-05 13:36:11,490 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=102 | [input_name="CONTFW01_SmartDefense" data="smartdefense"] Start indexing data for CONTFW01_SmartDefense_smartdefense
2018-09-05 13:36:11,491 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=ta_opseclea_data_collector.py, func_name=start_lea_loggrabber, code_line_no=337 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data smartdefense --debug_level 2 --appname Splunk_TA_checkpoint-opseclea --lea_server_ip 172.18.0.1 --lea_server_auth_port 18184 --lea_server_auth_type ssl_opsec --opsec_sslca_file /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/certs/checpointfw.p12 --opsec_sic_name CN=ABF-SplunkLEA,O=CONTFW01.domain.local.erh35p --opsec_entity_sic_name CN=internal_ca,O=CONTFW01.domain.local.erh35p --filter product=SmartDefense --online --no_resolve
2018-09-05 13:36:11,495 +0000 log_level=INFO, pid=15591, tid=Thread-33, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2535 :INFO: Successfully initialize client/server-pair
2018-09-05 13:36:11,495 +0000 log_level=INFO, pid=15591, tid=Thread-33, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2506 :INFO: Successfully create opsec environment
2018-09-05 13:36:11,499 +0000 log_level=INFO, pid=15591, tid=Thread-35, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2535 :INFO: Successfully initialize client/server-pair
2018-09-05 13:36:11,499 +0000 log_level=INFO, pid=15591, tid=Thread-35, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"]log_level=2 file:lea_loggrabber.cpp func_name:get_fw1_logfiles code_line_no:2506 :INFO: Successfully create opsec environment
2018-09-05 13:36:11,502 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=ta_opseclea_data_collector.py, func_name=get_contents, code_line_no=392 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Successfully indexed events: 0
2018-09-05 13:36:11,507 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=ta_opseclea_data_collector.py, func_name=get_contents, code_line_no=392 | [input_name="CONTFW01_SmartDefense" connection="CONTFW01" data="smartdefense"] Successfully indexed events: 0
2018-09-05 13:36:11,995 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=thread_pool.py, func_name=_run, code_line_no=261 | Thread work_queue_size=0
2018-09-05 13:36:11,995 +0000 log_level=INFO, pid=15591, tid=Thread-4, file=ta_data_collector.py, func_name=index_data, code_line_no=119 | [input_name="CONTFW01_Firewall" data="fw"] End of indexing data for CONTFW01_Firewall_fw
2018-09-05 13:36:11,996 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=thread_pool.py, func_name=_run, code_line_no=261 | Thread work_queue_size=0
2018-09-05 13:36:11,996 +0000 log_level=INFO, pid=15591, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=119 | [input_name="CONTFW01_SmartDefense" data="smartdefense"] End of indexing data for CONTFW01_SmartDefense_smartdefense
2018-09-05 13:37:11,487 +0000 log_level=INFO, pid=15591, tid=Thread-2, file=scheduler.py, func_name=get_ready_jobs, code_line_no=100 | Get 2 ready jobs, next duration is 59.999463, and there are 2 jobs scheduling
2018-09-05 13:37:11,488 +0000 log_level=INFO, pid=15591, tid=Thread-6, file=ta_data_collector.py, func_name=index_data, code_line_no=102 | [input_name="CONTFW01_Firewall" data="fw"] Start indexing data for CONTFW01_Firewall_fw
2018-09-05 13:37:11,489 +0000 log_level=INFO, pid=15591, tid=Thread-6, file=ta_opseclea_data_collector.py, func_name=start_lea_loggrabber, code_line_no=337 | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data fw --debug_level 2 --appname Splunk_TA_checkpoint-opseclea --lea_server_ip 172.18.0.1 --lea_server_auth_port 18184 --lea_server_auth_type ssl_opsec --opsec_sslca_file /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/certs/checpointfw.p12 --opsec_sic_name CN=ABF-SplunkLEA,O=CONTFW01.domain.local.erh35p --opsec_entity_sic_name CN=internal_ca,O=CONTFW01.domain.local.erh35p --filter product=VPN-1 & FireWall-1 --last_record_location 1528930800:11950265 --online --no_resolve
2018-09-05 13:37:11,492 +0000 log_level=INFO, pid=15591, tid=Thread-7, file=ta_data_collector.py, func_name=index_data, code_line_no=102 | [input_name="CONTFW01_SmartDefense" data="smartdefense"] Start indexing data for CONTFW01_SmartDefense_smartdefense
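A health check for the situation in this post, where every collection cycle ends with `Successfully indexed events: 0` and nothing is logged above INFO. This is an added example, not part of the original post or of the add-on's own code; it parses the log format shown above, and the sample lines are trimmed and partly constructed (the `DEMO_Firewall` input, its counts and its checkpoint values are made up for contrast).

```python
import re
from collections import defaultdict

# Constructed sample: trimmed lines in the add-on's log format shown above.
# DEMO_Firewall and its values are invented to contrast with the silent input.
SAMPLE = """\
2018-09-05 13:34:11,488 +0000 log_level=INFO | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data fw --last_record_location 1528930800:11950265 --online --no_resolve
2018-09-05 13:34:11,503 +0000 log_level=INFO | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Successfully indexed events: 0
2018-09-05 13:35:11,488 +0000 log_level=INFO | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data fw --last_record_location 1528930800:11950265 --online --no_resolve
2018-09-05 13:35:11,504 +0000 log_level=INFO | [input_name="CONTFW01_Firewall" connection="CONTFW01" data="fw"] Successfully indexed events: 0
2018-09-05 13:34:11,490 +0000 log_level=INFO | [input_name="DEMO_Firewall" connection="DEMO" data="fw"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data fw --last_record_location 1000:1 --online --no_resolve
2018-09-05 13:34:12,101 +0000 log_level=INFO | [input_name="DEMO_Firewall" connection="DEMO" data="fw"] Successfully indexed events: 12
2018-09-05 13:35:11,490 +0000 log_level=INFO | [input_name="DEMO_Firewall" connection="DEMO" data="fw"] Starting /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/bin/../bin/lea_loggrabber --data fw --last_record_location 2000:13 --online --no_resolve
2018-09-05 13:35:12,090 +0000 log_level=INFO | [input_name="DEMO_Firewall" connection="DEMO" data="fw"] Successfully indexed events: 3
"""

EVENTS = re.compile(r'\[input_name="([^"]+)"[^\]]*\] Successfully indexed events: (\d+)')
START = re.compile(r'\[input_name="([^"]+)"[^\]]*\] Starting \S*lea_loggrabber (.*)')
CHECKPOINT = re.compile(r'--last_record_location (\S+)')

def summarize(log_text):
    """Per input: event count of each cycle and the checkpoint passed on each start."""
    stats = defaultdict(lambda: {"counts": [], "checkpoints": []})
    for line in log_text.splitlines():
        m = EVENTS.search(line)
        if m:
            stats[m.group(1)]["counts"].append(int(m.group(2)))
            continue
        m = START.search(line)
        cp = CHECKPOINT.search(m.group(2)) if m else None
        if cp:
            stats[m.group(1)]["checkpoints"].append(cp.group(1))
    return dict(stats)

def silent_inputs(log_text, min_cycles=2):
    """Inputs that finished at least min_cycles cycles and indexed nothing in any of them."""
    return sorted(name for name, s in summarize(log_text).items()
                  if len(s["counts"]) >= min_cycles and sum(s["counts"]) == 0)

def stuck_checkpoints(log_text, min_cycles=2):
    """Inputs whose --last_record_location was identical on every start."""
    return {name: s["checkpoints"][0] for name, s in summarize(log_text).items()
            if len(s["checkpoints"]) >= min_cycles and len(set(s["checkpoints"])) == 1}

if __name__ == "__main__":
    print("silent inputs:", silent_inputs(SAMPLE))
    print("checkpoint never advanced:", stuck_checkpoints(SAMPLE))
```

Run against the add-on's real log file, an input that appears in both results is collecting nothing even though each cycle is logged as successful, which is the condition worth alerting on for a firewall log source.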