
LEA Client doesn't connect to Check Point OPSEC LEA Server

idiota
Loves-to-Learn

Hello all,

I am trying to create a connection from the LEA client to the Check Point OPSEC LEA Server:

Connection Details > Certificate > SID Details
Select "I need to get a new certificate"
Lea App Name : SplunkLEA
One-time Password : 123456
Management Server : 192.168.1.10

After clicking "Next", I received "Server error".

I checked $SPLUNK_HOME/var/log/splunk/web_service.log and found the error:
2014-08-01 15:28:04,982 ERROR [53db4184f97f51ec320810] :522 - params: {'model': u'{"opsec_host":"192.168.1.10","conn_name":"Splunk","opsec_app_name":"SplunkLEA","opsec_key":"123456"}'}
2014-08-01 15:28:05,325 ERROR [53db4185517f51ec320b10] :522 - params: {'model': u'{"opsec_host":"192.168.1.10","conn_name":"Splunk","opsec_app_name":"SplunkLEA","opsec_key":"123456"}'}

Has anyone met this problem?

Thanks for your help.

Tao

0 Karma
1 Solution

Chubbybunny
Splunk Employee

I ran into the same problem and found that our operating system was missing the required PAM shared libraries and GNU C library to execute the 'opsec pull cert' command located in: $SPLUNK_HOME/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh

To resolve the issue, simply install the following packages as mentioned in the following doc:
http://docs.splunk.com/Documentation/OPSEC-LEA/latest/Install/Systemrequirements

0 Karma

d646800
Explorer

I am facing the same issue even though I have installed the latest glibc and pam. I am quite sure I did it right because when I ran /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh, there was an error, but now all I got is

[splunk@pucu-spf-44 bin]$ /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh
unknown parameter ../certs/

CheckPoint 2001. Getting an object's certificate. Works once per certificate.

Usage: opsec_pull_cert -h host -n object-name -p passwd [-o cert_file] [-od dn_file]
-p is the one-time-password given in the SmartDashboard when defining this entity.
-o is for the output certificate file. default is "($OPSECDIR/)opsec.p12".
-od is for the output sic name (one line text file).
A relative path filename will be concatenated to OPSECDIR env variable (if exists).

and in opsec.log it is still the same:
2015-06-25 03:25:04,408 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}
2015-06-25 03:25:27,508 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}

0 Karma

idiota
Loves-to-Learn

Thanks, after installing pam.i686 and glibc.i686, connecting to SmartCenter is OK.

0 Karma
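
The fix reported in this thread (installing pam.i686 and glibc.i686) points at a 32-bit binary that cannot load its libraries on the host. As an added example, not part of the thread or of the Splunk add-on, the script below checks a binary's ELF class, the presence of the 32-bit loader, and any unresolved shared libraries; the function names and the /lib/ld-linux.so.2 loader path are assumptions, and the binary path is supplied by the caller.

```shell
#!/bin/sh
# Added example: diagnose why a helper binary (e.g. the one pull-cert.sh
# invokes) cannot start. Usage: check_deps /path/to/binary

# Print 32 or 64 from the ELF header's EI_CLASS byte (offset 4).
# Returns non-zero if the file does not start with the ELF magic.
elf_class() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || return 1
    case $(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n') in
        1) echo 32 ;;
        2) echo 64 ;;
        *) return 1 ;;
    esac
}

# Read `ldd` output on stdin and print the libraries it could not resolve.
missing_from_ldd() {
    awk '/=> not found/ { print $1 }'
}

check_deps() {
    bin=$1
    class=$(elf_class "$bin") || { echo "$bin: not an ELF binary"; return 2; }
    echo "$bin: ${class}-bit ELF"
    # Assumption: i386 glibc installs its loader at /lib/ld-linux.so.2.
    # Without it, running a 32-bit binary fails with a misleading
    # "No such file or directory" even though the file exists.
    if [ "$class" = 32 ] && [ ! -e /lib/ld-linux.so.2 ]; then
        echo "32-bit loader missing: install the 32-bit glibc package (glibc.i686)"
        return 1
    fi
    missing=$(ldd "$bin" 2>/dev/null | missing_from_ldd)
    if [ -n "$missing" ]; then
        echo "unresolved libraries:"
        echo "$missing"
        return 1
    fi
    echo "all shared libraries resolved"
}
```

An unresolved libpam entry in the output corresponds to the pam.i686 package named in the thread.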