New datasource for CheckPoint firewall LEA Application (OPSEC) does not receive logs as verified from the datasource.
Verify the SIC name using the command line on the checkpoint server.
SSH to the Check Point management server.
Switch to expert mode:
expert
When prompted, enter the password for expert.
Run the following command:
cpca_client lscert –kind SIC
Enter the sic name in the datasource properties in CloudSOC.
SpanVA health monitor logs can be collected by support logs the LEA client connection.
Possible errors:
NOTE: This is for SpanVA 1.15.3.153 version. 1.15.3.160 version is not supported for LEA. See KB 380415 for details about .160 support.