My customer tried OPSEC lea_loggrabber and is getting an error message saying "Segmentation fault". Has anyone had a similar issue before?
The lea_loggrabber client can encounter a "segmentation fault" for various reasons.
To gain a better understanding of the problem, you should elevate the OPSEC debugging level using the article below:
how-can-i-debug-my-lea-client-for-checkpoint
When the Check Point add-on is trying to connect to the Check Point server, it will try to resolve itself. When it is unable to do so, it will exit with a "segmentation fault" message.
Add a host entry with the hostname of the Splunk server and its IP in /etc/hosts and the segmentation fault should go away.
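A check for the fix described in the answer above, as an added example that is not part of the original posts or of the Check Point add-on: it parses a hosts-format file and reports whether a hostname (by default the local one) has an entry. The function names and the sample file contents (documentation addresses, `.test` names) are constructed for illustration.

```shell
#!/bin/sh
# Added example. hosts_lookup / check_self_resolution are hypothetical helpers.

# Print the address mapped to NAME in a hosts(5)-format FILE; return 1 if none.
hosts_lookup() {
    hl_name=$1
    hl_file=${2:-/etc/hosts}
    awk -v want="$hl_name" '
        BEGIN { want = tolower(want); found = 0 }
        {
            sub(/#.*/, "")        # drop comments, including commented-out entries
            if (NF < 2) next      # need an address plus at least one name
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$hl_file"
}

# Report whether HOST (default: this machine's hostname) has an entry in FILE.
check_self_resolution() {
    cs_file=${1:-/etc/hosts}
    cs_host=${2:-$(hostname)}
    if cs_addr=$(hosts_lookup "$cs_host" "$cs_file"); then
        echo "OK: $cs_host -> $cs_addr ($cs_file)"
        return 0
    fi
    echo "MISSING: no entry for $cs_host in $cs_file" >&2
    return 1
}

# Constructed sample hosts file, not taken from the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost
# 192.0.2.10 splunk02      (commented out, must not count)
192.0.2.10  splunk01.example.test SPLUNK01   # Splunk server
EOF
check_self_resolution "$sample" splunk01 || true   # entry present (alias, case-insensitive)
check_self_resolution "$sample" splunk02 || true   # only a commented-out line: missing
rm -f "$sample"
```

On the Splunk server itself, `check_self_resolution` with no arguments inspects `/etc/hosts` for the machine's own hostname. It reads the hosts file only and does not consult DNS.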
If you are looking at getting logs from a Check Point you may want to take a look at this article. I'm also in the long process of creating a Check Point App for Splunk and it does use this method of getting the logs from the management server.