Resource Overview
This code allows Splunk to interact with a Check Point server via the LEA OPSEC SDK. It is a derivative work of the open-source FW1-Loggrabber, which can be obtained from http://fellhauer-web.de/projects/fw1-loggrabber-old.html.
The OPSEC SDK can be obtained from: http://www.opsec.com/cpproducts/opsecsdk.html#key (For convenience it is also included in this tar.gz download.)
The README file explains the process of setting up the Check Point server and the appropriate configs. The configs are for Splunk 4.x and above.
NOTE: The SDK libraries provided by Check Point are 32-bit. In order to use the Linux Makefiles you probably need to be on a 32-bit box. Our Makefiles statically link against these libraries to generate binaries that run on both 32-bit and 64-bit systems.
If you would like to compile on a 64-bit Linux box, you would probably have to modify the Makefile (probably adding a -m32 flag, etc.).