Hello everyone:
I installed the Splunk Add-on for Check Point OPSEC LEA (https://splunkbase.splunk.com/app/3197/).
I followed all the installation steps, but it gives me the following connection error:
2016-12-20 15:03:18,130 +0000 log_level=ERROR, pid=23280, tid=Thread-9, file=ta_opseclea_data_collector.py, func_name=get_logs, code_line_no=62 | [input_name="CheckPoint" connection="CheckPoint_mgmt" data="fw"]log_level=0 file:lea_loggrabber.cpp func_name:check_session_end_reason code_line_no:2159 :Session end reason: SIC ERROR 119 - SIC Error for lea: Client could not choose an authentication method for service lea
My opseclea_inputs.conf is:
[CheckPoint]
connection = CheckPoint_mgmt
data = fw
host = xxx.xxx.xxx.xxx
index = checkpoint_test
interval = 30
mode = offline
noresolve = 1
disabled = 1
And the opseclea_connection.conf is:
[CheckPoint_mgmt]
cert_name = CheckPoint_mgmt_20361674.p12
fw_version = R77
lea_app_name = SplunkLEA
lea_object_name =
lea_server_auth_port = 18184
lea_server_auth_type = sslca
lea_server_ip = xxx.xxx.xxx.xxx
lea_server_type = primary
management_server_ip = xxx.xxx.xxx.xxx
opsec_entity_sic_name = CN=cp_mgmt,O=fwmgmt..nnc98w
opsec_sic_name = CN=SplunkLEA,O=fwmgmt..nnc98w
disabled = 0
Where's the problem??
Regards