How should configure my splunk CheckPoint application to retrieve all customer logs with MDS???

My environment consists of CheckPoint Provider1 MDS/CMA/CLM: I'm running a MDS (MultiDomainServer) with multiple customer environments (CMA). However, all log traffic is sent back to our central log repository (CLM). Question is: How should configure my splunk CheckPoint application to retrieve all customer logs???

asked 05 Jan '12, 12:39

jbsplunk ♦
10.6k●1●6●25
accept rate: 48%

One Answer:

oldest newest most voted

To retrieve CheckPoint logs from our CLM we did this:

create the OPSEC application on the MDS
push the OPSEC application to the CMA and CLM
run the opsecpullcert using SSLCA against the MDS
retrieve the SIC of the OPSEC application and CLM
configure lea.conf using the OPSEC application and CLM SIC name
configure lea.conf to pull logs from the CLM
configure lea.conf to use auth_type SSLCA

link

answered 05 Jan '12, 13:30

Chubbybunny
1.3k●2●8
accept rate: 72%

edited 01 May, 13:51

Thanks, these were exactly the steps I needed!

(05 Jan '12, 13:37) jbsplunk ♦

you Betcha!!!

(05 Jan '12, 13:38) Chubbybunny

In step 2. "push the OPSEC application to the CMA and CLM" should be revised to: "Install the database to the CMA"

*thanks for the correction Mahesh!!!

(15 Jun '12, 12:00) Chubbybunny

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

Asked: 05 Jan '12, 12:39

Seen: 830 times

Last updated: 01 May, 13:51

How should configure my splunk CheckPoint application to retrieve all customer logs with MDS???

Follow this question

Splunk Resources

Related questions