Hi,
I'm running CentOS 6.7 with the latest Splunk 6.2 and version 3.1 of the OPSEC LEA Loggrabber against an R77.30 Checkpoint management box in the same LAN segment.
It set up absolutely fine, trust is established. All great.
So, I'm banging my head against the wall here. If I run [root@eulonlog01 bin]# ./lea-loggrabber.sh -debug , I get logs returned from Check Point, easy. It connects straight away, puts them up on the screen in terminal, so the grabber is authenticating and retrieving logs fine.
However, ordinarily NOTHING shows up in Splunk. Nothing. If I manually run lea-loggrabber.sh, the session hangs till I ctrl-c it.
There is nothing in Splunkd.log or web_services.log.
What am I doing wrong? Any guidance or questions appreciated.
Thanks all,
Jim