Change the source of an OPSEC LEA connection

deeades
New Member

We are using the Splunk Add-on for Check Point OPSEC LEA and it is working ok. We need to change the log source host/IP that this LEA connection is using. I changed the host of the input but it still was pulling from the old source. I verified this by doing a tcpdump on the old Check Point management server. I then disabled and then enabled the input to see if that would force it to use the new host. I did see the LEA connection stop on the old Check Point management server when I disabled this input and then it started again on the old management server when I enabled the input. It seems like I may be missing an additional configuration or setting that may need to be changed to point to the new management server for this LEA connection.

Thanks.
