Transition from LEA to Log Exporter

To move from the existing LEA connector to the new Log Exporter:

1. In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., delete the OPSEC application object if it is the only use for the OPSEC application. If not, remove the LEA client entity.

   

2. If this is the only OPSEC LEA client, configure the $FWDIR/conf/fwopsec.conf file to not allow LEA:

   1. Connect to the command line on the Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. / Log Server Dedicated Check Point server that runs Check Point software to store and process logs. with Log Exporter.

   2. Log in to the Expert mode.

   3. Back up the current file:

      cp -v $FWDIR/conf/fwopsec.conf{,_BKP}

   4. Edit the current file:

      vi $FWDIR/conf/fwopsec.conf

   5. Comment out these lines (add the # character in the beginning):

      From	To
      lea_server auth_port 18184	# lea_server auth_port 18184
      lea_server port 0	# lea_server port 0

   6. Save the changes in the file and exit the editor.

3. Configure the Log Exporter settings in one of these ways:

   • In SmartConsole - Configuring Log Exporter in SmartConsole

   • In CLI - see Configuring Log Exporter in CLI

Note - Reading logs through LEA, which were configured manually in the SmartLog custom settings file, is not available in R80.x.