Hi,
I am trying to get logs from Check Point Firewall into our Splunk server.
We have a cluster of 2 UTM-1 Firewalls managed by a Smart-1.
Firewall Logs are being sent to the Smart-1.
All Check Point devices are running R75.20.
I have configured Splunk OPSEC LEA-Loggrabber to connect to the Smart-1 to grab the logs according to the guide from http://splunk-base.splunk.com/apps/22386/opsec-lea-for-check-point-linux
Everything seems well except I do not see any data with sourcetype=opsec on Splunk.
Will anyone be able to assist with my setup?
I will be glad to provide more info.
Thanks,
Alvin