Trying to deploy Check_Point_LEA_Event_Collector_4411_AllWin_RHEL456_EN
Created: 19 Jan 2012 | 4 comments
Hi,
I'm trying to deploy Check_Point_LEA_Event_Collector_4411_AllWin_RHEL456_EN but when deploying it I get this error:
ERROR 2012-01-19 12:13:51,935 Collectors.3608.wGroup.[workinggroup0].Sensor.[CheckPointLea] Thread-6115 OpsecLeaSensor(CheckPointLea) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
WARN 2012-01-19 12:13:51,935 Collectors.3608.wGroup.[workinggroup0].SensorThread Thread-6115 [Sensor: CheckPointLea] Exception in Sensor thread while reading device. Details:
java.lang.Exception: OpsecLeaSensor(CheckPointLea) error in readDevice(). Sensor will be reopened. Details: Unknown exception.
at com.symantec.cas.ucf.sensors.Opsec.OpsecLeaSensor.readDevice(OpsecLeaSensor.java:379)
at com.symantec.cas.ucf.collector.SensorJob.pollSensor(SensorJob.java:212)
at com.symantec.cas.ucf.collector.SensorJob.run(SensorJob.java:292)
at java.lang.Thread.run(Thread.java:662)
The agent machine is on windows 2008 R2 platform.
Thanks
Discussion Filed Under:
Comments
Hi Doritbr, Have you gone
Hi Doritbr,
Have you gone through the kb's available over net for the prob you are facing and most important is the Symantec™ Event Collector 4.3 for Check Point® FireWall-1 Quick Reference Guide....
Go through the below links
https://www-secure.symantec.com/connect/forums/ssi...
http://web.mst.edu/~kfl/SSIM/Very%20Old/SEC_for_Ch...
.......................................
Please elaborate the problem you are facing in detail...
Hi, Are you successfully
Hi,
Are you successfully able to fetch the certificate from checkpoint or either trust established?
If you check the Opsec communication configuration on the Checkpoint SmartDashboard you see that the status has changed to “Trust Established”.(I have attached screenshot for your reference)
However sometimes there is an issue with the SSIM appliance pulling the certificate from the Checkpoint firewall. This can be for a number of reasons including communication issues but a common issue I have observed is that the permissions on the binary that pulls the certificate from the LEA server are incorrect.
Please confirm the same.
And if possible then enable DEBUG logging & provide with fresh logs. following is the procedure for the same.
./agentmgmt.sh
SSIM Collector / Agent Management Scripts
1. Show Agent Status
2. Flush Agent Queue
3. Reload Agent Config
4. Force Agent to Check-In (Heartbeat)
5. Force Agent to send its Software Inventory and State Updates
6. View Log Files
7. Force Rebootstrap of Agent to SSIM
8. Gather Data for Technical Support
9. Enable/Disable Collector Debug
10. Start the Agent
11. Stop the Agent
12. Quit
Select an option and press the enter key to execute.
9
SESA Data Gathering and Information Utility
Version: 4.5.0.3
The collector logs have been set for log4j.level=DEBUG
Press any key to continue...
hope this helps!!
Regards,
Avkash K
Helpfull Link: Configuring
Helpfull Link:
Configuring the Checkpoint Collector for Checkpoint SmartCenter using Secure Platform:
http://www.symantec.com/docs/TECH94064
Regards,
Avkash K
Also try liveupdate for your
Also try liveupdate for your collector &
Can you confirm ownership of the files in the collectors/checkpoint directory - are they owned by root? what about the SSIM Agent files or the certs directory structure?
And check if you have done fwstop & fwstart after doing opsec changes.
because in many checkpoint issue ,problem goes after resarting these services or reconfiguring opsec on checkpoint.
Regards,
Avkash K
Would you like to reply?
Login or Register to post your comment.