The NwCheckpointProcess program is used by the NwLogCollector to collect events from Checkpoint servers using the OPSEC LEA API. It can also be used as a command-line utility to probe a Checkpoint server, verifying connectivity and debugging connection problems. The following is an example of the syntax:
/usr/sbin/NwCheckpointProcess --ip 192.168.1.1 --name Test --port 18184 --sdn CN=MyCheckpoint,o=test.lab.org --cdn CN=enVision_OPSEC,o=test.lab.org --cen enVision_OPSEC --kfp /etc/netwitness/ng/truststore/MyCertificate.p12 --count 10 --time 120 --timeout 30
Some NwCheckpointProcess options take no value; the presence of the option alone triggers the action. For example, to show the log files on the server, enter the following:
NwCheckpointProcess --showlogs
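A preflight wrapper around the probe syntax shown above, as an added example that is not part of the original article or of RSA's tooling: it checks the port, the shape of the two distinguished names, and the permissions of the .p12 key file before starting a bounded session. The function names, the CN=...,O=... shape check (inferred from the article's examples) and the owner-only key file rule are assumptions; every option used appears in the article.

```shell
#!/bin/sh
# Added example: preflight checks before a bounded NwCheckpointProcess probe.
# NWCP_BIN defaults to the path used in the article; override it if yours differs.
NWCP_BIN="${NWCP_BIN:-/usr/sbin/NwCheckpointProcess}"

# port_ok PORT: succeed only for a decimal port in 1..65535.
port_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dn_ok DN: assumed shape CN=<name>,O=<org>, case-insensitive, matching the
# examples in the article. Catches swapped or truncated arguments early.
dn_ok() {
    case "$1" in
        [Cc][Nn]=?*,[Oo]=?*) return 0 ;;
        *) return 1 ;;
    esac
}

# keyfile_ok PATH: succeed only if the key file exists, is non-empty, and
# grants nothing to group or others (assumed policy: it holds the client key).
keyfile_ok() {
    [ -f "$1" ] && [ -s "$1" ] || { echo "key file missing or empty: $1" >&2; return 1; }
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *) echo "key file mode $mode, expected owner-only such as 600: $1" >&2; return 1 ;;
    esac
}

# probe NAME IP PORT SDN CDN CEN KFP: validate the inputs, then run the probe.
# Returns 2 for bad arguments, 3 for an unsafe key file, else the tool's status.
probe() {
    [ $# -eq 7 ] || { echo "usage: probe name ip port sdn cdn cen kfp" >&2; return 2; }
    port_ok "$3" || { echo "bad port: $3" >&2; return 2; }
    dn_ok "$4" || { echo "bad server DN: $4" >&2; return 2; }
    dn_ok "$5" || { echo "bad client DN: $5" >&2; return 2; }
    keyfile_ok "$7" || return 3
    # Bounded session: stop after 10 events, 120 s, or 30 s without events.
    "$NWCP_BIN" --name "$1" --ip "$2" --port "$3" --sdn "$4" --cdn "$5" \
        --cen "$6" --kfp "$7" --count 10 --time 120 --timeout 30
}
```

Source the file and call `probe` with the seven required values in the order shown; add `--debug` or `--odebug` to the final command when a connection still fails after the checks pass.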
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
The text below is an example of the NwCheckpointProcess --help output.
General:
  --help          show help
  --debug         verbose output for Nw Checkpoint Process
  --odebug        verbose output for OPSEC LEA protocol
  --config arg    configuration file

Required:
  --name arg      checkpoint server name
  --ip arg        checkpoint server ip
  --port arg      server port
  --sdn arg       server distinguished name obtained from the Checkpoint
                  Management Console
                  For example: cn=cp_mgmt,o=cpfw.cpfw.abc.net.ckbe7u
  --cdn arg       client distinguished name this is obtained from the
                  Checkpoint Management Console
                  For example: CN=NEXTGEN1,O=cpfw.cpfw.abc.net.ckbe7u
  --cen arg       client entity name obtained from the Checkpoint
                  Management Console when creating the client
  --kfp arg       key file path (obtained by using the utility opsec_get_key

Optional:
  --audit         Read the audit records
  --online        Continue to read the next log file when the end of the
                  current one is reached
  --offline       Stop reading when the end of the current log file is
                  reached
  --timeout arg   Time period (seconds) in which if no events are
                  collected, the session is ended
  --count arg     Events to collect before ending the session
  --time arg      Time to collect (seconds) before ending the session
  --file arg      The file id to read from
  --log arg       The log file name to read from
  --record arg    The record to start reading from
  --start         Start reading from the start of the file
  --end           Start reading from the end of the file
  --showlogs      Show logs on checkpoint server
  --showfiles     Show files on checkpoint server
  --pretty        Format event output
  --forwarder     forwarding i.e. replace *deviceAddr with orig or reverse
                  lookup of orig_name if it exists