How do I find the DN of the Checkpoint log manager object in Checkpoint R75.40?

dturnbull_splun
Splunk Employee

In the documentation for LEA loggrabber it says I need to get the opsec_entity_sic_name; however, it's no longer given in the Checkpoint GUI.

How do I find out the right opsec_entity_sic_name?

1 Solution

dart
Splunk Employee

Grep through the $FWDIR/conf/objects_5_0.C file and find the log server object, then find the sic_name field within the object definition. You'll most likely have an open SSH session to the Security Management Server already, so just take advantage of that.


Chubbybunny
Splunk Employee

Alternatively, if SSH access is unavailable, use the Check Point Database Tool application, GuiDBedit (C:\Program Files\CheckPoint\SmartConsole\R75.40\PROGRAM\GuiDBedit.exe), to locate it.

1. Expand the Network Objects branch.
2. Select the network_objects table.
3. Select the desired object by either scrolling down the list of Field Names to find the sic_name field near the end of the list, or by searching for the sic_name field.
4. Enter the sic_name value in the OPSEC client configuration. For example, CN=cp_mgmt_HareServer,O=Chubbybunny..n55nc3

dart
Splunk Employee

A likely default will be of the form: CN=cp_mgmt,O=org..a12bc3

0 Karma
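An added example, not part of the thread and not Check Point or Splunk code, for the grep approach in the accepted answer: a plain grep for sic_name prints the values without saying which object each belongs to, so this pairs every non-empty sic_name with the name of its enclosing object. It assumes objects_5_0.C nests entries as ": (name ... )" with one ":field (value)" per line; list_sic_names, sample_objects and the sample object names are hypothetical.

```shell
# Added example; not Check Point or Splunk code.
# Assumption: entries open with ": (name", fields are ":field (value)", one per line.
# Print "object<TAB>sic_name" for each entry with a non-empty sic_name.
list_sic_names() {
    awk '
    {
        line = $0
        # sic_name belongs to the entry opened at the current depth
        if (line ~ /^[ \t]*:sic_name[ \t]*\(/) {
            val = line
            sub(/^[ \t]*:sic_name[ \t]*\("?/, "", val)
            sub(/"?\)[ \t]*$/, "", val)
            if (val != "") printf "%s\t%s\n", name[depth], val
        }
        # remember the name of an entry opened on this line
        if (line ~ /^[ \t]*: \([^ \t()]+[ \t]*$/) {
            n = line
            sub(/^[ \t]*: \(/, "", n)
            sub(/[ \t]*$/, "", n)
            name[depth + 1] = n
        }
        # track nesting, ignoring parentheses inside quoted values
        gsub(/"[^"]*"/, "", line)
        depth += gsub(/\(/, "", line) - gsub(/\)/, "", line)
    }' "${1:--}"
}

# Constructed sample in the assumed layout (not a real configuration).
sample_objects() {
    cat <<'EOF'
:network_objects (network_objects
    : (cp_mgmt
        :sic_name ("CN=cp_mgmt,O=org..a12bc3")
    )
    : (plain_host
        :sic_name ()
    )
    : (branch_gw
        :interfaces (
            : (0
                :officialname (eth0)
            )
        )
        :sic_name ("CN=branch_gw,O=org..a12bc3")
    )
)
EOF
}
sample_objects | list_sic_names
```

On the Security Management Server, run list_sic_names "$FWDIR/conf/objects_5_0.C" and take the line for the log server object.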