If you run into troubles when you hit this bit:
<snip>
To retrieve this key, on the Solaris box:
cd opsec-tools/<solaris2> opsec_putkey -ssl -port 18184 <Source IP address of checkpoint box>
</snip>
try using this syntax instead:
<snip>
opsec_putkey -ssl -port fw <source ip of the checkpoint box>
</snip>
Also, if you are trying to pull logs off of a Provider-1 instance and have difficulties accessing a CMA, check the following:
0 - mdsenv to the CMA in question
1 - modify the $CPDIR/conf/sic_policy.conf and find these lines:
#LEA:
ANY ; ANY ; 18184 ; fwn1_opsec ; fwn1, local_ipcheck
and change it to read:
ANY ; ANY ; 18184 ; ssl_opsec ; ssl, fwn1, local_ipcheck
Restart the CMA, restart Splunk, and you should see the LEA connector start working with the CMA.
--TDarley 03:25, 12 November 2009 (PST)
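As an added check for the sic_policy.conf step above (this is example code, not TDarley's or Check Point's), the script below parses the LEA (port 18184) entry and reports whether it already uses ssl_opsec, producing the corrected line otherwise. The five-field layout (from ; to ; port ; auth method ; services) is assumed from the two quoted lines, not from Check Point documentation.

```python
"""Check the LEA (port 18184) entry of a Check Point sic_policy.conf.

Assumption: each policy line is 'from ; to ; port ; method ; services',
read off the two lines quoted in the post, not from vendor documentation.
"""

LEA_PORT = "18184"
WANTED_METHOD = "ssl_opsec"
WANTED_SERVICES = ["ssl", "fwn1", "local_ipcheck"]


def parse_entries(text):
    """Yield (line_no, fields) for each non-comment line, split on ';'."""
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        fields = [f.strip() for f in s.split(";")]
        if len(fields) >= 5:
            yield n, fields


def check_lea_entry(text):
    """Return (ok, line_no, suggested_line).

    ok is True when the first LEA entry uses ssl_opsec with ssl in its
    service list; otherwise suggested_line is the corrected line from the
    post, keeping any extra services already present. line_no is None
    when the file has no LEA entry at all.
    """
    for n, fields in parse_entries(text):
        if fields[2] != LEA_PORT:
            continue
        services = [s.strip() for s in fields[4].split(",")]
        if fields[3] == WANTED_METHOD and "ssl" in services:
            return True, n, None
        merged = WANTED_SERVICES + [s for s in services if s not in WANTED_SERVICES]
        fixed = " ; ".join([fields[0], fields[1], LEA_PORT, WANTED_METHOD,
                            ", ".join(merged)])
        return False, n, fixed
    return False, None, None


# Constructed samples: the "before" and "after" lines quoted in the post.
SAMPLE_BEFORE = "#LEA:\nANY ; ANY ; 18184 ; fwn1_opsec ; fwn1, local_ipcheck\n"
SAMPLE_AFTER = "#LEA:\nANY ; ANY ; 18184 ; ssl_opsec ; ssl, fwn1, local_ipcheck\n"

if __name__ == "__main__":
    print("before:", check_lea_entry(SAMPLE_BEFORE))
    print("after:", check_lea_entry(SAMPLE_AFTER))
```

Point it at the real file with `check_lea_entry(open(path).read())` after `mdsenv` has selected the CMA.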
I am attempting to set this up. I am using an Ubuntu 8.04 server VM with Splunk installed and trying to extract logs from an R65 Checkpoint Appliance. I have followed the documentation. The two machines are communicating, but there are no logs being indexed in the Splunk server.
Has anybody been able to get this to work?
Hi Brian,
this sounds like something you could ask about in the Splunk IRC channel on EFnet:
efnet.org / #splunk
Rachel 11:42, 13 August 2009 (PDT)