Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- About gskorski
gskorski
Explorer
Member since:
11-10-2011
06-05-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 2 |
| Member Since | 11-10-2011 |
Activity Feed
- Got Karma for Issue with Palo Alto apps. 06-05-2020 12:46 AM
- Got Karma for Re: Issue with Palo Alto apps. 06-05-2020 12:46 AM
- Posted Re: OPSEC LEA - opsec_putkey fail on Getting Data In. 09-25-2012 01:15 AM
- Posted OPSEC LEA - opsec_putkey fail on Getting Data In. 07-06-2012 07:19 AM
- Tagged OPSEC LEA - opsec_putkey fail on Getting Data In. 07-06-2012 07:19 AM
- Tagged OPSEC LEA - opsec_putkey fail on Getting Data In. 07-06-2012 07:19 AM
- Posted Re: Issue with Palo Alto apps on Getting Data In. 03-08-2012 08:50 AM
- Posted Re: Issue with Palo Alto apps on Getting Data In. 03-05-2012 03:35 AM
- Posted Issue with Palo Alto apps on Getting Data In. 03-02-2012 07:33 AM
- Tagged Issue with Palo Alto apps on Getting Data In. 03-02-2012 07:33 AM
- Tagged Issue with Palo Alto apps on Getting Data In. 03-02-2012 07:33 AM
- Tagged Issue with Palo Alto apps on Getting Data In. 03-02-2012 07:33 AM
- Posted Re: No Data in Palo Alto App on All Apps and Add-ons. 03-01-2012 08:18 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 |
07-06-2012
07:19 AM
Hi,
I'm trying to configure Splunk with Checkpoint.
I have an error during the opsec_putkey on the splunk server :
Without the debug option:
root@splk01:linux22# ./opsec_putkey -ssl -port 18184 10.1.2.14
Please enter secret key:
Please enter secret key again:
FW: Received new control security key from 10.1.2.14
Failed to initialize authentication with 10.1.2.14
With the debug option :
root@splk01:/linux22#./opsec_putkey -debug -ssl -port 18184 10.1.2.14
Please enter secret key:
Please enter secret key again:
[ 2047]@splk01 PM_policy_create: version 5301.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: () names. finished successfully.
[ 2047]@splk01 PM_policy_create: finished successfully.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: (local_sic_name) names. finished successfully.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: (127.0.0.1) names. finished successfully.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: ("OPSECPUTKEY") names. finished successfully.
[ 2047]@splk01 PM_apply_default_dn: finished successfully.
[ 2047]@splk01 setting fwa1 init password for 10.1.2.14 (10.1.2.14)
[ 2047]@splk01 peers addresses are
[ 2047]@splk01 127.0.1.1
[ 2047]@splk01 10.1.1.75
[ 2047]@splk01 sic_client_do_connect: no server sic name supplied, server sic name is unknown.
[ 2047]@splk01 fwasync_conn_params: <a01014b,50948> -> <a01020e,18184>
[ 2047]@splk01 fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[ 2047]@splk01 fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[ 2047]@splk01 sic_client_set_version: 6: protocol version is 59000000
[ 2047]@splk01 call_handlers_list: no conversion done, set cn=cp_mgmt,o=eminem..vyysgi as sic name
[ 2047]@splk01 PM_session_init: given session O(OPSECPUTKEY;cn=cp_mgmt,o=eminem..vyysgi;18184;ssl_opsec).
[ 2047]@splk01 PM_policy_query: input session O(OPSECPUTKEY;cn=cp_mgmt,o=eminem..vyysgi;18184;ssl_opsec).
[ 2047]@splk01 PM_policy_query: rule found (ANY;ANY;ANY;ssl_opsec;ssl(1/1)).
[ 2047]@splk01 PM_policy_query: finished successfully. 1st method = ssl
[ 2047]@splk01 PM_policy_choose: finished successfully. choose: ssl.
[ 2047]@splk01 peers addresses are
[ 2047]@splk01 10.1.2.14
[ 2047]@splk01 resolver_gethostbyaddr: Performing gethostbyaddr for 10.1.2.14
[ 2047]@splk01 fwa1 peername for 10.1.2.14 is 10.1.2.14
[ 2047]@splk01 ckpSSL_PrepareConnection: verify mode: 1
[ 2047]@splk01 My SSL Ciphers:
[ 2047]@splk01 Cipher List:
[ 2047]@splk01 0: ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
[ 2047]@splk01 1: ADH-RC4-MD5 SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5
[ 2047]@splk01 ckpSSL_NegotiateStep: current state = before/connect initialization
[ 2047]@splk01 is_initialized: new process or forked
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 fwrand_write_seed: Failed to read seed
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 fwrand_write_seed: Failed to write seed: Operation not permitted
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 ckpSSL_fwasync_connected: no connections err -3
[ 2047]@splk01 ckpSSL_fwasync_close: start shutdown
[ 2047]@splk01 ckpSSL_ShutdownHandler: (0) SSLv2/v3 read server hello A
[ 2047]@splk01 ckpSSL_Destroy: close fd 6
Failed to initialize authentication with 10.1.2.14
[ 2047]@splk01 T_event_mainloop_e: T_event_mainloop_iter returns 0
... View more
- Tags:
- checkpoint
- opsec-lea
03-08-2012
08:50 AM
1 Karma
I know that.
The sourcetype is well configured as pan_log, and I can find THREAT, TRAFFIC, CONFIG and SYSTEM keyword in the logs but the app doesn't display anything.
... View more
03-05-2012
03:35 AM
The issue is that the sourcetype is not renamed. So the application doesn't find any logs.
... View more
03-02-2012
07:33 AM
1 Karma
I have an issue with the Palo Alto apps.
It seems that the transforms doesn't work.
I can see my Palo Alto logs in the search apps but nothing in the Palo Alto apps.
I'm running the latest version 1.2.0 and Splunk v4.3.
Can you help me?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
