# Splunk server conf activation key
NOTE: The default Applications come with pre-compiled binaries. If you choose to use these binaries, you would still need to generate the opsec.p12, sslauthkeys.C and sslsess.C files (refer to the section Checkpoint Firewall Modification) and place them in the bin dir. First, follow the instructions to set up CheckPoint and populate the lea.conf. Then, follow the instructions under INSTALLATION.

The and packages contain all the necessary files to create an OPSEC LEA application to drop into Splunk 3.3 or later.

The instructions below are for a Solaris box. Instructions for a Linux installation are identical. Note: If you are installing it on 64-bit Debian Linux you will also need the ia32 libs (run 'apt-get install ia32-libs') in addition to the other instructions.

If you are comfortable with Checkpoint configuration, you may skip over this section. The LEA client must communicate with a LEA Server.

1. Log into the box running the Checkpoint Management Server.
2. Edit $FWDIR/conf/nf and add the following lines to enable the LEA service:
3. Restart the FW1 engine using the following commands:

For this to work you must enable an FW1_ica_pull (accept) rule in the main Checkpoint configuration. You must add a rule to accept FW1_lea traffic.

You must add a LEA OPSEC server to the Checkpoint configuration.

1. In the CheckPoint Smart Dashboard, click on Manage -> Servers and OPSEC applications.
2. Add an entry for SplunkLEA (vendor: user-defined; make sure to click LEA).
3. Click on Communication in the LEA configuration screen and enter a one-time password for the activation key; it will respond with a DN.
# Splunk server conf how to
NB: There is now a Splunk app to manage the setup below using a graphical user interface on Linux Splunk instances. If using Solaris, you'll need the Solaris version of it. Both have a guide available on Splunk Docs. The following instructions describe how to pull logs from the Checkpoint firewall via an SSL connection.
This package contains all the necessary files to create an OPSEC LEA bundle to drop into Splunk 3.3 or later.
*This page refers to lea-loggrabber 1.0, which is no longer supported; please refer to the following link for the latest up-to-date documentation.