Hi guru,
Please help me to get the Checkpoint r75.40 SPLAT log into LEM.
I tried the OPSEC/Check Point NG LEA Client, but it fails to start.
Many thanks.
To clarify the uppercase/lowercase thing - it's critical that "cn" and "o" and then "CN" and "O" are case sensitive. Your OPSEC Name will likely be mixed case (whatever you configure on the CP side) and your server specific side is commonly lowercase. Most important is that the CN/O cases aren't mixed; mixing them causes weird issues and possibly failures. Safest is to copy/paste these values from the CP side, just in case.
Of all the connectors we have, the Check Point integration is one of the most complicated. We have details on this here:
SolarWinds Knowledge Base :: Integrating Check Point with SolarWinds LEM
There are a lot of settings on the Check Point side. On the LEM side, there are some tricks, which are in that document, but let me highlight them as they seem to trip people up:
The Server DN field must be all lower-case.
The Client DN field must be all upper-case (though some people say mixed-case works too).
If you can get the connector running, it may be able to bring in the logs you care about, but getting it working first is key.
Hi Curtisi, Nicole,
Guru
The problem is solved now.
Thanks a lot.
We have gotten the checkpoint connector to work on the LEM, but are we able to see user activity level? curtisi
The connector will connect to both the 'admin' and the firewall logs, so you will see things like logons to your management station and policy pushes in addition to all the firewall blocks.
Will I be able to see logs from users, similar to SmartView Tracker?