Solved: Re: Issue with CheckPoint logs (Splunk_TA_opseclea...

soc_bt_france · ‎04-07-2014

Hello There ,

I'am running Splunk v6 on a VM(Debian) and i'm trying to get the logs from my CheckPoint firewalls.

I have set up a SIC between the CMA and the Splunk App , and configured the new input with the splunk Gui.

The link is showed as "enabled"

Unfortunately , i get no logs and have the following error ( every hours )

msg="A script exited abnormally" input="/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity XXXXXXXXXXX" stanza="default" status="exited with code 1

Could you help me ?

Regards ,

soc_bt_france · ‎04-07-2014

Hello There ,

I figured how to solve this problem.

This error may happen if your SIC name in the Splunk interface is not the same as the one in the CheckPoint dashboard .

Regards ,

View solution in original post

soc_bt_france · ‎04-07-2014

Hello There ,

I figured how to solve this problem.

This error may happen if your SIC name in the Splunk interface is not the same as the one in the CheckPoint dashboard .

Regards ,

Issue with CheckPoint logs (Splunk_TA_opseclea_linux22)

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?