Hello,
We are a consulting firm and I am assessing the Splunk solution for one of my customer.
The LEA application for Checkpoint is not working correctly : each time the script is called, it downloads the complete fw.log file. It results with a huge data indexing activity - and license expiration warnings!
I assume the script should normally download the difference since last LEA download.
Could somebody help to clarify how it works and what might going wrong with our installation?
Your help appreciated. Many thanks.
Laurent
... View more