How to run the Check Point collection service from command line for troubleshooting on an RSA Security Analytics or NetWitness Platform Log Collector

Article Number

000001338

Applies To

RSA Product Set: Security Analytics, NetWitness Logs & Network
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.x, 11.x
Platform: CentOS

OS Version: EL6, EL7

Issue

How to run the Check Point collection service from the command line for troubleshooting on an RSA Security Analytics or NetWitness Log Collector.

Resolution

The NwCheckpointProcess program is used by the NwLogCollector to collect events from Check Point servers using the OPSEC LEA API. It can also be run as a command-line utility to probe a Check Point server, verify connectivity, and debug connection problems. The following is an example of the syntax:

/usr/sbin/NwCheckpointProcess --ip 192.168.1.1 --name Test --port 18184 --sdn CN=MyCheckpoint,o=test.lab.org --cdn CN=enVision_OPSEC,o=test.lab.org --cen enVision_OPSEC --kfp /etc/netwitness/ng/truststore/MyCertificate.p12 --count 10 --time 120 --timeout 30

Some NwCheckpointProcess options take no value; the presence of the option alone triggers the action. For example, to show the log files on the server, enter:

NwCheckpointProcess --showlogs

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
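
The sketch below wraps the probe described above in two pre-flight checks: that the OPSEC key file is readable only by its owner, and that the LEA port answers on TCP. It is an added example, not RSA or NetWitness code. The function names, the DRY_RUN variable and the key-file permission policy are assumptions, and the sample values are the placeholders from the syntax example.

```shell
#!/bin/sh
# Added example (not RSA/NetWitness code): pre-flight checks, then a bounded,
# verbose NwCheckpointProcess test run. Only flags from the --help output are used.
NWCP=/usr/sbin/NwCheckpointProcess

# The .p12 key file is the OPSEC client credential. Return 1 if it is not
# readable, 2 if group/other have any access (assumed policy, not from the article).
check_keyfile() {
  [ -r "$1" ] || { echo "key file not readable: $1" >&2; return 1; }
  mode=$(stat -c '%a' "$1") || return 1
  case "$mode" in
    0|*00) return 0 ;;
    *) echo "key file mode $mode allows group/other access: $1" >&2; return 2 ;;
  esac
}

# TCP reachability of the LEA port using bash's /dev/tcp, bounded by timeout(1).
# Args: ip port [seconds]
check_port() {
  timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Args: ip name port sdn cdn cen kfp. With DRY_RUN=1 the command is printed only.
probe() {
  set -- "$NWCP" --ip "$1" --name "$2" --port "$3" --sdn "$4" --cdn "$5" \
    --cen "$6" --kfp "$7" --debug --count 10 --timeout 30
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Stop at the first failed check so the probe output is not misread.
run_checks() {
  check_keyfile "$7" || return
  check_port "$1" "$3" || { echo "cannot reach $1:$3/tcp" >&2; return 3; }
  probe "$@"
}

# Example (placeholder values from the article's syntax example):
#   sh probe.sh 192.168.1.1 Test 18184 CN=MyCheckpoint,o=test.lab.org \
#     CN=enVision_OPSEC,o=test.lab.org enVision_OPSEC \
#     /etc/netwitness/ng/truststore/MyCertificate.p12
if [ "$#" -eq 7 ]; then run_checks "$@"; fi
```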

Notes

The text below is an example of the NwCheckpointProcess --help output.

General:
  --help                show help
  --debug               verbose output for Nw Checkpoint Process
  --odebug              verbose output for OPSEC LEA protocol
  --config arg          configuration file

Required:
  --name arg            checkpoint server name
  --ip arg              checkpoint server ip
  --port arg            server port
  --sdn arg             server distinguished name
                        obtained from the Checkpoint Management Console
                        For example:
                           cn=cp_mgmt,o=cpfw.cpfw.abc.net.ckbe7u
  --cdn arg             client distinguished name
                        this is obtained from the Checkpoint Management Console
                        For example:
                           CN=NEXTGEN1,O=cpfw.cpfw.abc.net.ckbe7u
  --cen arg             client entity name
                        obtained from the Checkpoint Management Console when
                        creating the client
  --kfp arg             key file path (obtained by using the utility
                        opsec_get_key

Optional:
  --audit               Read the audit records
  --online              Continue to read the next log file when the end of the
                        current one is reached
  --offline             Stop reading when the end of the current log file is
                        reached
  --timeout arg         Time period (seconds) in which if no events are
                        collected, the session is ended
  --count arg           Events to collect before ending the session
  --time arg            Time to collect (seconds) before ending the session
  --file arg            The file id to read from
  --log arg             The log file name to read from
  --record arg          The record to start reading from
  --start               Start reading from the start of the file
  --end                 Start reading from the end of the file
  --showlogs            Show logs on checkpoint server
  --showfiles           Show files on checkpoint server
  --pretty              Format event output
  --forwarder           forwarding i.e. replace *deviceAddr with orig or
                        reverse lookup of orig_name if it exists

Version history
Last update: 2022-02-10 02:10 PM
Updated by: nwinfotech (Administrator)