Not exactly. you need to update your hosts file with exactly the same FQDN as your SPLUNK LEA uses. You should see something like this in your leagrabber logs resolver_getaddrinfo_list: name=XXXXXXXXXXXXXXX, pref=0 just check if this is the same in /etc/hosts else add the same. ... View more

I'm using R80.10 Checkpoint Management and I have no data coming from the Checkpoint Management. may I know which file needs to be changed?" hostname not being listed in the hosts file. " 2019-04-02 09:29:44,915 +0000 log_level=INFO, pid=27948, tid=Thread-7, file=ta_opseclea_data_collector.py, func_name=get_contents, code_line_no=392 | [input_name="tfnsw-fw-logs" connection="SplunkLEA-Cisco" data="fw"] Successfully indexed events: 0 2019-04-02 09:29:44,915 +0000 log_level=INFO, pid=27948, tid=Thread-13597, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="tfnsw-fw-audit-logs" connection="SplunkLEA-Cisco" data="audit"] :opsec_sslca_file ("/opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/certs/SplunkLEA-Cisco_2473663670.p12") 2019-04-02 09:29:44,915 +0000 log_level=INFO, pid=27948, tid=Thread-13599, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="tfnsw-fw-logs" connection="SplunkLEA-Cisco" data="fw"] :auth_type (sslca) 2019-04-02 09:29:44,915 +0000 log_level=INFO, pid=27948, tid=Thread-13597, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="tfnsw-fw-audit-logs" connection="SplunkLEA-Cisco" data="audit"] :opsec_sic_name ("CN=,O=") 2019-04-02 09:29:44,915 +0000 log_level=INFO, pid=27948, tid=Thread-13599, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=75 | [input_name="tfnsw-fw-logs" connection="SplunkLEA-Cisco" data="fw"] :auth_port (18184) ... View more