I recently installed the Splunk Add-on for Check Point OPSEC LEA application (2.0.2), and my logs are being indexed. However, I'm finding these errors in my splunkd logs. Ideas?
05-24-2013 09:07:21.906 -0700 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity SENTINEL-ONE_audit" WARNING: Illegal entry in configuration file: SHOW_FIELDNAMES="yes"
We've raised a product defect on this in 'OPSEC-109'.
A quick, easy fix to further prevent these errors:
/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/w1-loggrabber.conf: comment out line
#SHOW_FIELDNAMES="yes"
That should take care of the errors until a fix is out.
(\__/)
(='.'=)
(")_(")
Hi Chubbybunny, what does SHOW_FIELDNAMES do?
Also, will this product defect be resolved by Splunk in a future version of the add-on?
Sure, just be sure to comment the bunny out too!!!
Do I need the bunny in the conf file too? 🙂