All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Akamai Errors regarding SSL

Paaattt
Engager
‎07-27-2021 12:58 AM

Hi,

Is there someone who can help me with this one. I had setup TA-Akamai_SIEM on our heavy forwarders. I do not see any data getting pulled after configuring API's but rather messages regarding SSL on the _internal. Anybody had this kind of issue?

We are using this java versions
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)

 

Appreciate the help

message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" ... 25 more
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.SocketOutputStream.socketWrite(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.SocketOutputStream.socketWrite0(Native Method)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.SocketOutputStream.write(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketOutputRecord.encodeAlert(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" ... 22 more
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Suppressed: java.net.SocketException: Broken pipe (Write failed)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.main(Main.java:116)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.streamEvents(Main.java:474)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:48)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:74)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.SocketInputStream.read(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.Alert.createSSLException(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketInputRecord.decode(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketInputRecord.read(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketInputRecord.readHeader(Unknown Source)
message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLTransport.decode(Unknown Source)
0 Karma
Reply

James_ACN
Loves-to-Learn Everything
‎10-26-2021 03:47 PM

Hi @Paaattt .

 

I know it's been a while since I posted this error, but I'm also facing the same issue.
But in my case the SIEM connector is installed directly in Splunk Indexer.
Did you manage to solve this problem?
Can anyone in the community help?

Splunk Enterprise Version:8.2.2
siem-splunk-connector: 1.4.9
java version "1.8.0_311"
Java(TM) SE Runtime Environment (build 1.8.0_311-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.311-b11, mixed mode)

 

splunkd.log


10-26-2021 19:09:55.623 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, begin streamEvents
10-26-2021 19:09:55.842 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, inputName=TA-Akamai_SIEM://akamai_vibra
10-26-2021 19:09:55.842 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg = streamEvents, inputName(String)=TA-Akamai_SIEM://akamai_vibra
10-26-2021 19:09:55.847 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg=Processing Data...
10-26-2021 19:09:55.849 -0300 INFO ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" infoMsg=KV Service get...
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Message : Connection refused (Connection refused), Exception : java.lang.RuntimeException: Connection refused (Connection refused)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:462)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.Service.send(Service.java:1295)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.getValuesFromKVStore(Main.java:802)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.streamEvents(Main.java:449)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:74)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.modularinput.Script.run(Script.java:48)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.akamai.siem.Main.main(Main.java:116)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" Caused by: java.net.ConnectException: Connection refused (Connection refused)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.PlainSocketImpl.socketConnect(Native Method)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.SocksSocketImpl.connect(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at java.net.Socket.connect(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.security.ssl.SSLSocketImpl.connect(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.NetworkClient.doConnect(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.http.HttpClient.openServer(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.http.HttpClient.openServer(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" at com.splunk.HttpService.send(HttpService.java:460)
10-26-2021 19:09:55.900 -0300 ERROR ExecProcessor [2021 ExecProcessor] - message from "/opt/splunk/etc/apps/TA-Akamai_SIEM/linux_x86_64/bin/TA-Akamai_SIEM.sh" ... 6 more

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...