Hello,
I have a question regarding the monitoring of several Checkpoint firewalls using the LEA-loggrabber add-on.
I must monitor 3 Checkpoint FWs. The FWs are managed with a Checkpoint SmartCenter.
I have set up LEA-loggrabber for one of the FWs and it works fine. But as I am trying to monitor the 2 others, I wonder if I only need to add several lines in the lea.conf file (add their IP, their opsec_entity_sic_name, etc.) or if I need to create a new data input in Splunk (kind of "duplicate the LEA-loggrabber add-on") and restart all the configuration from the beginning?
And as I'm using a SmartCenter, some of the steps described in "OPSEC LEA for Checkpoint" can't be done one more time, as files generated from those steps are unique (e.g. sslauthkeys.C and sslsess.C): it would break the functional node I think.
Has anyone already set this up?
Thanks.