Configuring SmartEvent to use a Non-Standard LEA Port

You can get logs from and send logs to a third-party Log Server. The Check Point Log Server and the third party Log Server use the LEA (Log Export API) protocol to read logs. By default, the Check Point Log Server uses port 18184 for this connection. If you configure the Log Server to use a different LEA port, you must manually configure the new port on the SmartEvent Server and on the SmartEvent Correlation Unit.

Note- This procedure is not relevant if you use Log Exporter.

To change the default LEA port:

1. Open $INDEXERDIR/log_indexer_custom_settings.conf in a text editor.
2. Add this line to the file:

   :lea_port (<new_port_number>)

3. In the SmartEvent client, configure the new port on the Correlation Unit.
4. In Policy tab > Correlation Units, configure the Correlation Unit to read logs from the local Log Server (on the SmartEvent Server).
5. Configure the new port on the SmartEvent Server:
   1. In Policy tab > Network Objects, double-click the SmartEvent Server object.
   2. Change the LEA port No. parameter to <new_port_number>.
6. Install the Event Policy on the Correlation Unit: Actions > Install Event Policy
7. On the SmartEvent Server:
   1. Run: cpstop
   2. Open $FWDIR/conf/fwopsec.conf in a text editor.
   3. Change these parameters:

      lea_server auth_port <new_port_number>
lea_server port 0

   4. Run: cpstart