Mauro_Conoscian
Participant

VPN Remote Access log doesn't show the user name

I'm trying to collect Remote Access VPN access info to send via OPSEC to my Splunk SIEM, but I can't figure out which user is logging in because I get "*** Confidential ***" in the user_name field.

1 Reply
DeletedUser
Not applicable

Most likely the OPSEC Application doesn't have permissions to read log fields, i.e. check the OPSEC App LEA permissions tab or maybe the connection is configured to be clear rather than SSLCA. The answer is probably in sk101570: Some fields in logs on 3rd party LEA OPSEC client show "*** Confidential ***"

P.S. you may be interested in the new Splunk app that uses Log Exporter instead of LEA: *New* Splunk App for Check Point Logs
