Hello,
Sorry if this is a repost! I wrote a question this morning and it went for moderation and has disappeared from my account.
**Setup:**
CentOS 7 (64) with pam.i686 and glibc.i686 - Splunk 6.5.2 - Checkpoint_splunk_TA 4.1.0(build 1) - iptables permitted 18184 18210
Checkpoint R77.30 on Gaia Single management (smartcentre) server that is the one and only log host. Not running provider-1.
**Problem:**
I have followed the document carefully and I have successfully pulled the certificate from Checkpoint and established SIC. I have created the connection, but never receive any logs and get this error:
```
[root@localhost bin]# ./splunk btool check
Invalid key in stanza [schq] in /opt/splunk/etc/apps/Splunk_TA_checkpoint-opseclea/local/opseclea_connection.conf, line 9: management_server_ip (value: 10.10.10.38).
```
The file is:
```
[schq]
cert_name = schq_2654242918.p12
fw_version = R77
lea_app_name = SplunkLEA
lea_server_auth_port = 18184
lea_server_auth_type = sslca
lea_server_ip = 10.10.10.38
lea_server_type = primary
management_server_ip = 10.10.10.38
opsec_entity_sic_name = CN=cp_mgmt,O=schq.domain.com.fjj4jw
opsec_sic_name = CN=SplunkLEA,O=schq.domain.com.fjj4jw
disabled = 0
```
I have read all of the answers I could find and all of the troubleshooting in: http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Setup2 but I'm stuck.
I would be very happy for any help you can offer.
Thanks