https://community.splunk.com/t5/Getting-Data-In/Splunk-for-Cisco-IPS-connects-to-IPS-every-second-regardless-of/m-p/71068#M14449 <P>Hello,</P> <P>I've noticed after changing the interval setting within the inputs.conf for our various IPS' it still connects to the IPS' every 1 second regardless of what I set the interval to. Is there a reason for it not respecting this value? or is there a setting that I may be missing?</P> <P>Thanks, Josh</P> Thu, 31 Mar 2011 00:11:51 GMT joshd 2011-03-31T00:11:51Z https://community.splunk.com/t5/Getting-Data-In/Splunk-for-Cisco-IPS-connects-to-IPS-every-second-regardless-of/m-p/71068#M14449 <P>Hello,</P> <P>I've noticed after changing the interval setting within the inputs.conf for our various IPS' it still connects to the IPS' every 1 second regardless of what I set the interval to. Is there a reason for it not respecting this value? or is there a setting that I may be missing?</P> <P>Thanks, Josh</P> Thu, 31 Mar 2011 00:11:51 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-for-Cisco-IPS-connects-to-IPS-every-second-regardless-of/m-p/71068#M14449 joshd 2011-03-31T00:11:51Z https://community.splunk.com/t5/Getting-Data-In/Splunk-for-Cisco-IPS-connects-to-IPS-every-second-regardless-of/m-p/71069#M14450 <P>Hey Josh, the SDEE connection module, used by <CODE>get_ips_feed.py</CODE>, has a default 1 second retry on unsuccessful connections. As such, it sounds like it might be a connection issue.</P> <P>The scripted input writes to log file <CODE>$SPLUNK_HOME/var/log/splunk/sdee_get.log</CODE> which contains status information for the connection. Have you tried checking that to see if there's any information there?</P> Thu, 31 Mar 2011 03:30:12 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-for-Cisco-IPS-connects-to-IPS-every-second-regardless-of/m-p/71069#M14450 dleung 2011-03-31T03:30:12Z https://community.splunk.com/t5/Getting-Data-In/Splunk-for-Cisco-IPS-connects-to-IPS-every-second-regardless-of/m-p/71070#M14451 <P>Yeah, I looked into the sdee_get.log initially and it does not report any issues, it shows successful connections to the IPS and then no more repeat messages. When I actually look at the process list on the machine (ps aux), I see the processes constantly running, should this be the case or should I only see them in the process list every X-minutes as they are configured within the inputs.conf</P> Thu, 31 Mar 2011 23:05:05 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-for-Cisco-IPS-connects-to-IPS-every-second-regardless-of/m-p/71070#M14451 joshd 2011-03-31T23:05:05Z https://community.splunk.com/t5/Getting-Data-In/Splunk-for-Cisco-IPS-connects-to-IPS-every-second-regardless-of/m-p/71071#M14452 <P>Hi Josh,</P> <P>I have the same troubles than you. After a quick look, I think I found the mistake :</P> <P>File get_ips_feed.py :</P> <P>[...]<BR /> 58 while 1:</P> <P>59 try:</P> <P>60 sdee.get()</P> <P>61 except:</P> <P>[...]</P> <P>I do not know why, but the loop runs forever, there is no exit / break into this loop.<BR /> We should ask Splunk why....maybe it's a bug.</P> <P>A quick and dirty fix, add a break at the end of the loop :</P> <P>167 ### Commen/Uncomment to write to stdout</P> <P>168 # print syslog_msg +"\n"</P> <P>169 break</P> <P>It seems to work for me. Do not forget to change the "interval" option to 60 for example.<BR /> Let me know if it works for you too.</P> Mon, 28 Sep 2020 09:55:24 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-for-Cisco-IPS-connects-to-IPS-every-second-regardless-of/m-p/71071#M14452 ysouchon 2020-09-28T09:55:24Z