Getting Data In

LEA Client don't connect to Check Point OPSEC LEA Server

idiota
Loves-to-Learn Lots

Hello all,

I try to create connection from LEA client to Check Point OPSEC LEA Server,

Connection Details > Certificate > SID Details
Select "I need to get a new certficate"
Lea App Name : SplunkLEA
One-time Password : 123456
Management Server : 192.168.1.10

After click "Next", received "Server error".

I check $SPLUNK_HOME/var/log/splunk/web_service.log , find the error:
2014-08-01 15:28:04,982 ERROR [53db4184f97f51ec320810] :522 - params: {'model': u'{"opsec_host":"192.168.1.10","conn_name":"Splunk","opsec_app_name":"SplunkLEA","opsec_key":"123456"}'}
2014-08-01 15:28:05,325 ERROR [53db4185517f51ec320b10] :522 - params: {'model': u'{"opsec_host":"192.168.1.10","conn_name":"Splunk","opsec_app_name":"SplunkLEA","opsec_key":"123456"}'}

Does anyone meet the problem?

Thanks for your help.

Tao

Tags (2)
0 Karma
1 Solution

Chubbybunny
Splunk Employee
Splunk Employee

I ran into the same problem and found that our Operating System was missing the required PAM shared libraries and GNU C library to execute the 'opsec pull cert' command located in: $SPLUNK_home/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh

To resolve the issue, simply install the following packages as mentioned in the following doc:
http://docs.splunk.com/Documentation/OPSEC-LEA/latest/Install/Systemrequirements

View solution in original post

0 Karma

Chubbybunny
Splunk Employee
Splunk Employee

I ran into the same problem and found that our Operating System was missing the required PAM shared libraries and GNU C library to execute the 'opsec pull cert' command located in: $SPLUNK_home/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh

To resolve the issue, simply install the following packages as mentioned in the following doc:
http://docs.splunk.com/Documentation/OPSEC-LEA/latest/Install/Systemrequirements

0 Karma

d646800
Explorer

i am facing the same issue even though i have installed the latest glibc and pam. I am quite sure i did it right because when I ran /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh, theer was an error . but now all i got is

[splunk@pucu-spf-44 bin]$ /opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/pull-cert.sh
unknown parameter ../certs/

CheckPoint 2001. Getting an object's certificate. Works once per certificate.

Usage: opsec_pull_cert -h host -n object-name -p passwd [-o cert_file] [-od dn_file]
-p is the one-time-password given in the SmartDashboard when defining this entity.
-o is for the output certificate file. default is "($OPSECDIR/)opsec.p12".
-od is for the output sic name (one line text file).
A relative path filename will be concatenated to OPSECDIR env variable (if exists).

and in ** opsec.log** still the same
2015-06-25 03:25:04,408 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}
2015-06-25 03:25:27,508 [ERROR] [] params: {'model': u'{"opsec_host":"10.95.3.6","conn_name":"tcxf2-lon_primary","opsec_app_name":"SplunkLea","opsec_key":"$91u^k15"}'}

0 Karma

idiota
Loves-to-Learn Lots

Thanks, afer install pam.i686 and glibc.i686 , connect to smartcenter is ok.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...