Getting Data In

How do I find the DN of the Checkpoint log manager object in Checkpoint R75.40?

dturnbull_splun
Splunk Employee

In the documentation for LEA loggrabber it says I need to get the opsec_entity_sic_name; however, it's no longer given in the Checkpoint GUI.

How do I find out the right opsec_entity_sic_name?

1 Solution

dart
Splunk Employee

Grep through the $FWDIR/conf/objects_5_0.C file and find the log server object, then find the sic_name field within the object definition. You'll most likely have an open SSH session to the Security Management Server already, so just take advantage of that.


Chubbybunny
Splunk Employee

Alternatively, if SSH access is unavailable, use the Check Point Database Tool application to locate it, GuiDBedit (C:\Program Files\CheckPoint\SmartConsole\R75.40\PROGRAM\GuiDBedit.exe):

1. Expand the Network Objects branch.
2. Select the network_objects table.
3. Select the desired object by either scrolling down the list of Field Names to find the sic_name field near the end of the list, or by searching for the sic_name field.
4. Enter the sic_name value in the OPSEC client configuration. For example, CN=cp_mgmt_HareServer,O=Chubbybunny..n55nc3


dart
Splunk Employee

A likely default will be of the form: CN=cp_mgmt,O=org..a12bc3

0 Karma
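
The grep approach from the accepted answer, written out as an added example (not part of the original thread and not Check Point or Splunk code). It assumes objects_5_0.C is tab-indented, that each object opens with a `: (name` line, and that the DN sits in a `:sic_name ("...")` field one level below it; `find_sic_names`, `write_sample` and the sample objects are constructed for illustration.

```shell
# Added example, not Check Point or Splunk code. Assumed file layout:
# tab-indented blocks, objects opened by ": (name", DN in ':sic_name ("...")'.
# find_sic_names FILE [OBJECT] prints "object<TAB>sic_name" for each object
# that carries a sic_name, or only for OBJECT when a name is given.
find_sic_names() {
    awk -v want="${2:-}" '
        {   # nesting depth = number of leading tabs
            depth = 0
            while (substr($0, depth + 1, 1) == "\t") depth++
            # a line at this depth closes blocks opened here or deeper
            for (k = depth; k <= maxd; k++) delete owner[k]
        }
        /^\t*: \(/ {    # object header: remember its name at this depth
            name = $0
            sub(/^\t*: \(/, "", name); sub(/[ \t\r]+$/, "", name)
            owner[depth] = name
            if (depth > maxd) maxd = depth
            next
        }
        # sic_name belongs to the header one level up, not an earlier nested entry
        /^\t*:sic_name \(/ && ((depth - 1) in owner) {
            dn = $0
            sub(/^\t*:sic_name \("?/, "", dn); sub(/"?\)[ \t\r]*$/, "", dn)
            if (want == "" || want == owner[depth - 1])
                printf "%s\t%s\n", owner[depth - 1], dn
        }
    ' "$1"
}
# Constructed sample in the assumed layout (object and block names made up).
write_sample() {
    t=$(printf '\t')
    cat <<EOF
(
${t}:network_objects (network_objects
${t}${t}: (cp_mgmt
${t}${t}${t}:nested_block (
${t}${t}${t}${t}: (inner_entry
${t}${t}${t}${t})
${t}${t}${t})
${t}${t}${t}:sic_name ("CN=cp_mgmt,O=org..a12bc3")
${t}${t})
${t}${t}: (logsrv1
${t}${t}${t}:sic_name ("CN=logsrv1,O=org..a12bc3")
${t}${t})
${t})
)
EOF
}
write_sample | find_sic_names -
```

On the management server the same function would be pointed at the real file, e.g. `find_sic_names "$FWDIR/conf/objects_5_0.C"`, optionally followed by the log server object's name.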