Collect log from CheckPoint OPSEC Lea to Splunk En...

mindterrian · ‎01-30-2019

Hi

How can i collect the CheckPoint OPSEC Lea on Splunk Enterprise that install on Windows OS?
Because this guide (https://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Hardwareandsoftwarerequirements) only support on Linux OS.

Thank you

vishaltaneja070 · ‎01-31-2019

Hello @mindterrian

As per the above document, the add-on supports on Linux in case if you are using Universal Forwarder to collect data.

If you are using any other component like search head or indexer , they can be on any platform.

mindterrian · ‎01-31-2019

Hello @vishaltaneja07011993

My environment is
Splunk Enterprise (Single Instance) install on Windows Werver 2012 R2 and install Splunk Add-on for Check Point OPSEC LEA already.
I can use this Splunk Server to collect log from Check Point via add parameter on Splunk Add-on for Check Point OPSEC LEA right?

Or i need to install Universal forwarder on Linux OS and install Splunk Add-on for Check Point OPSEC LEA after that i will collect log via Universal forwarder?

Thank you

mindterrian · ‎01-31-2019

I can use Splunk Enterprise (Single Instance) that install on Windows OS to collect log from Check Point OPEC LEA via install Splunk Add-on for Check Point OPSEC LEA and Add connect right?

or i should install universal forwarder on Linux OS and use Splunk Add-on for Check Point OPSEC LEA on Linux OS to collect log from Check Point?

dkeck · ‎01-31-2019

There is an alternate option where you can analyze checkpoint logs via syslog. This add-on will help you analyze Check Point logs on Windows.

https://splunkbase.splunk.com/app/2996/

Collect log from CheckPoint OPSEC Lea to Splunk Enterprise install on Windows OS

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life