Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rajput_Arvind
Contributor

Splunk Support with R80.10

Hi All,

 

We are upgrading MDS from R77.30 to R80.10. Currently Splunk is integrated with R77.30 MDS. Do we need to perform any step on R80.10 MDS to make the Splunk work with R80.10 CMA. Some document says Splunk Add-On for Checkpoint needs to be installed on Splunk itself. But some document says Log exporter also needs to be installed on R80.10 MDS. Please share your thoughts.

 

Thanks,

Arvind Singh

0 Kudos
3 Replies
Martin_Valenta
Advisor

Nothing is required, if you don't move from OPSec to LogExporter, you don't need to change anything.
0 Kudos
G_W_Albrecht
Legend Legend
Legend

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Dorit_Dor
Employee
Employee

Why do you move to R80.10 now? In my view customers that move now should move to at least R80.20 (or even R80.30). 

The GW of R80.20 is dramatically better than the R80.10 (performance and scale as well as other i/s enhancements) and R80.30 is better if you use SSL. So i recommend GW upgrade to R80.20 and above and not to R80.10. 

Mgmt is less dramatic in difference but still in r80.10 there is special vsec private support and special hot fix for log exporter. All are fully built in R80.20 which is nearly one year in the market. Going directly to R80.20 is a safe step (btw we have more mgmt r80.20 at this point than R80.10 and than R70.30). 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events