I am using Splunk 5.03 installed on Ubuntu. I installed the OPSEC LEA App for Checkpoint log analysis. I was able to establish a connection with our Checkpoint firewall, but now the connection is showing "Never Connected" under the "last connection" field.
I used nc to verify that port 18184 is accessible from my workstation, and was able to initiate a 3-way handshake with the Checkpoint server.
I am using Wireshark to analyse traffic going to port 18184 and I don't see that the Splunk App is even trying to connect to the Checkpoint server.
I tried restarting the Splunk server, but I still don't see any connection to the Checkpoint server.
What am I missing?
Thanks.