
How do I find the DN of the Checkpoint log manager object in Checkpoint R75.40?

dturnbull_splun
Splunk Employee

In the documentation for LEA loggrabber it says I need to get the opsec_entity_sic_name; however, it's no longer given in the Checkpoint GUI.

How do I find out the right opsec_entity_sic_name?

1 Solution

dart
Splunk Employee

Grep through the $FWDIR/conf/objects_5_0.C file and find the log server object, then find the sic_name field within the object definition. You'll most likely have an open SSH session to the Security Management Server already, so just take advantage of that.


Chubbybunny
Splunk Employee

Alternatively, if SSH access is unavailable, use the Check Point Database Tool application, GuiDBedit (C:\Program Files\CheckPoint\SmartConsole\R75.40\PROGRAM\GuiDBedit.exe), to locate it.

1. Expand the Network Objects branch.
2. Select the network_objects table.
3. Select the desired object by either scrolling down the list of Field Names to find the sic_name field near the end of the list, or by searching for the sic_name field.
4. Enter the sic_name value in the OPSEC client configuration. For example, CN=cp_mgmt_HareServer,O=Chubbybunny..n55nc3

dart
Splunk Employee

A likely default will be of the form: CN=cp_mgmt,O=org..a12bc3

0 Karma
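The grep approach from the accepted answer, as an added example that is not part of the original thread: it goes one step beyond a plain grep by printing each sic_name next to the object that owns it, so the log server's DN can be picked out by name. It assumes the tab-indented layout of objects_5_0.C in which `: (name` opens an entry and `:sic_name ("...")` is one of its fields; the sample data and the function names `make_sample` and `find_sic_names` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the assumed objects_5_0.C layout: tab-indented,
# ": (name" opens an entry, ":field (value)" sets a field. Not real data.
make_sample() {
    printf '(\n\t:network_objects (network_objects\n'
    printf '\t\t: (cp_mgmt\n'
    printf '\t\t\t:certificates (\n'
    printf '\t\t\t\t: (defaultCert\n'
    printf '\t\t\t\t\t:dn ("CN=cp_mgmt VPN Certificate,O=org..a12bc3")\n'
    printf '\t\t\t\t)\n\t\t\t)\n'
    printf '\t\t\t:sic_name ("CN=cp_mgmt,O=org..a12bc3")\n'
    printf '\t\t\t:type (host)\n\t\t)\n'
    printf '\t\t: (branch_net\n\t\t\t:type (network)\n\t\t)\n'
    printf '\t)\n)\n'
}

# Print "object<TAB>sic_name" for every entry that carries a sic_name field.
# The owner is the entry opened exactly one indent level above the field, so
# nested entries (defaultCert in the sample) are not mistaken for the owner.
find_sic_names() {
    awk '
    {
        depth = 0                                   # count leading tabs
        while (substr($0, depth + 1, 1) == "\t") depth++
        line = substr($0, depth + 1)
    }
    line ~ /^: \(/ {                                # ": (name" opens an entry
        name = substr(line, 4)
        sub(/[ \t\r]+$/, "", name)
        owner[depth] = name
        next
    }
    line ~ /^:sic_name \(/ {                        # field of the entry one level up
        value = line
        sub(/^:sic_name \("?/, "", value)
        sub(/"?\)[ \t\r]*$/, "", value)
        printf "%s\t%s\n", owner[depth - 1], value
    }
    ' "$1"
}

# Demo on the constructed sample. On the Security Management Server, run:
#   find_sic_names "$FWDIR/conf/objects_5_0.C"
sample=$(mktemp)
make_sample > "$sample"
find_sic_names "$sample"
rm -f "$sample"
```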