Getting Data In

LEA Client doesn't connect to Check Point OPSEC LEA Server

idiota
Loves-to-Learn Lots

Hello all,

I am trying to create a connection from the LEA client to the Check Point OPSEC LEA Server:

Connection Details > Certificate > SID Details
Select "I need to get a new certificate"
Lea App Name : SplunkLEA
One-time Password : 123456
Management Server : 192.168.1.10

After clicking "Next", I received "Server error".

I checked $SPLUNK_HOME/var/log/splunk/web_service.log and found the error:
2014-08-01 15:28:04,982 ERROR [53db4184f97f51ec320810] :522 - params: {'model': u'{"opsec_host":"192.168.1.10","conn_name":"Splunk","opsec_app_name":"SplunkLEA","opsec_key":"123456"}'}
2014-08-01 15:28:05,325 ERROR [53db4185517f51ec320b10] :522 - params: {'model': u'{"opsec_host":"192.168.1.10","conn_name":"Splunk","opsec_app_name":"SplunkLEA","opsec_key":"123456"}'}

Has anyone met this problem?

Thanks for your help.

Tao

0 Karma
1 Solution

Chubbybunny
Splunk Employee

I ran into the same problem and found that our Operating System was missing the required PAM shared libraries and GNU C library to execute the 'opsec pull cert' command located in: $SPLUNK_HOME/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh

To resolve the issue, simply install the following packages as mentioned in the following doc:
http://docs.splunk.com/Documentation/OPSEC-LEA/latest/Install/Systemrequirements


0 Karma


d646800
Explorer

I am facing the same issue even though I have installed the latest glibc and pam. I am quite sure I did it right because when I ran /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh, there was an error, but now all I got is

[splunk@pucu-spf-44 bin]$ /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh
unknown parameter ../certs/

CheckPoint 2001. Getting an object's certificate. Works once per certificate.

Usage: opsec_pull_cert -h host -n object-name -p passwd [-o cert_file] [-od dn_file]
-p is the one-time-password given in the SmartDashboard when defining this entity.
-o is for the output certificate file. default is "($OPSECDIR/)opsec.p12".
-od is for the output sic name (one line text file).
A relative path filename will be concatenated to OPSECDIR env variable (if exists).

and in opsec.log, still the same:
2015-06-25 03:25:04,408 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}
2015-06-25 03:25:27,508 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}

0 Karma

idiota
Loves-to-Learn Lots

Thanks, after installing pam.i686 and glibc.i686, connecting to SmartCenter is OK.

0 Karma
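
Added example (not part of the original thread, and not Splunk or Check Point code): a shell check for the root cause given in the accepted answer, listing the shared libraries the loader cannot resolve for a binary. The location of the opsec_pull_cert binary is not stated in the thread, so it is passed as an argument; the function names and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find shared libraries that the dynamic loader cannot resolve.
# Usage (after sourcing this file): check_binary /path/to/opsec_pull_cert
# ldd may run code from the inspected file; use it only on binaries you trust.

# Constructed sample of ldd output for a 32-bit binary on a host that lacks
# the 32-bit PAM and C libraries (not taken from the thread).
SAMPLE_LDD='	linux-gate.so.1 (0xf7f00000)
	libpam.so.0 => not found
	libdl.so.2 => /lib/libdl.so.2 (0xf7d00000)
	libc.so.6 => not found'

# missing_libs: read ldd output on stdin and print one unresolved library
# name per line (lines of the form "libfoo.so.N => not found").
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# check_binary PATH: return 0 if every dependency resolves, 1 if any library
# is missing, 2 if the file is absent or ldd cannot inspect it.
check_binary() {
    bin=$1
    [ -f "$bin" ] || { echo "no such file: $bin" >&2; return 2; }
    # For a 32-bit binary on a 64-bit host, an ldd failure here typically
    # means the 32-bit loader itself (shipped with 32-bit glibc) is absent.
    out=$(ldd "$bin" 2>&1) || { echo "ldd failed: $out" >&2; return 2; }
    missing=$(printf '%s\n' "$out" | missing_libs)
    if [ -n "$missing" ]; then
        echo "unresolved libraries for $bin:" >&2
        # Unquoted on purpose: one library name per output line.
        printf '  %s\n' $missing >&2
        return 1
    fi
    return 0
}
```

A return code of 1 or 2 from `check_binary` points at the missing-library condition described above; `file` on the binary shows whether it is 32-bit and therefore needs the `.i686` variants of the packages.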