Hello everyone, has anyone made the OPSEC-LEA app work with Provider-1? The main difference here is that the logs are sent directly to the CLM, not to the CMA.
Thanks for your help.
Best Regards, Alex
Found the answer myself. It could help, so I'm posting it here. Here is how it works:
The command became:
opsec_putkey -ssl -port fw <Source IP address of CLM>
Finally, here is my lea.conf:
opsec_sic_name "CN=SplunkLEA,O=cma-xxxx"
opsec_sslca_file /opt/splunk/etc/apps/lea-loggrabber-splunk/bin/opsec.p12
lea_server ip <Source IP address of CLM>
lea_server auth_port 18184
lea_server auth_type ssl_opsec
lea_server opsec_entity_sic_name "CN=clm-xxxx"
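A quick way to sanity-check a lea.conf of the shape posted above before starting the log grabber, as an added example that is not part of the original post or of the Splunk app. The function names, the `192.0.2.10` address and the `example` suffix are constructed for illustration, and treating `#` as a comment character is an assumption.

```python
import ipaddress
import shlex

# Keys present in the lea.conf posted in the answer above.
REQUIRED = ("opsec_sic_name", "opsec_sslca_file", "lea_server ip",
            "lea_server auth_port", "lea_server auth_type",
            "lea_server opsec_entity_sic_name")

# The posted lea.conf, placeholders included.
TEMPLATE = '''\
opsec_sic_name "CN=SplunkLEA,O=cma-xxxx"
opsec_sslca_file /opt/splunk/etc/apps/lea-loggrabber-splunk/bin/opsec.p12
lea_server ip <Source IP address of CLM>
lea_server auth_port 18184
lea_server auth_type ssl_opsec
lea_server opsec_entity_sic_name "CN=clm-xxxx"
'''
# Constructed sample: placeholders filled with documentation values.
FILLED = TEMPLATE.replace("<Source IP address of CLM>", "192.0.2.10").replace("xxxx", "example")

def parse_lea_conf(text):
    """Return {key: value}; 'lea_server <setting>' is treated as one key."""
    conf = {}
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)  # strips quotes around SIC names
        if parts:
            n = 2 if parts[0] == "lea_server" else 1
            conf[" ".join(parts[:n])] = " ".join(parts[n:])
    return conf

def check_lea_conf(conf):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = [f"missing: {k}" for k in REQUIRED if not conf.get(k)]
    ip = conf.get("lea_server ip", "")
    try:
        if ip:
            ipaddress.ip_address(ip)
    except ValueError:
        problems.append(f"lea_server ip is not an IP address: {ip!r}")
    port = conf.get("lea_server auth_port", "")
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        problems.append(f"lea_server auth_port is not a valid port: {port!r}")
    for key in ("opsec_sic_name", "lea_server opsec_entity_sic_name"):
        if conf.get(key) and not conf[key].upper().startswith("CN="):
            problems.append(f"{key} does not start with CN=: {conf[key]!r}")
    for key, value in conf.items():
        if "<" in value or "xxxx" in value:
            problems.append(f"placeholder left in {key}: {value!r}")
    return problems

if __name__ == "__main__":
    for name, text in (("template", TEMPLATE), ("filled", FILLED)):
        print(name, check_lea_conf(parse_lea_conf(text)) or "ok")
```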
Has anyone been able to get the 2.0 version of SPLUNK OPSEC LEA working with this same Checkpoint architecture?
Note that this applies to versions of the Splunk/OPSEC LEA integration prior to version 2.0.0.