All Apps and Add-ons

Cisco AMP for Endpoints Events Input is logging a 403 error

dryarashus
New Member

I've installed and configured the Cisco AMP for Endpoints Events Input app 2.0.2, and the API calls seem to work, but data isn't coming in, instead repetitively logging into $SPLUNK_HOME/var/log/splunk/amp4e_events_input.log the following messages:

2022-03-31 11:35:05,815 ERROR Amp4eEvents - Consumer Error that does not look like connection failure! See the traceback below.
2022-03-31 11:35:05,816 ERROR Amp4eEvents - Traceback (most recent call last):
  File "/opt/splunk/etc/apps/amp4e_events_input/bin/util/stream_consumer.py", line 34, in run
    self._connection = pika.BlockingConnection(pika.URLParameters(self._url))
  File "/opt/splunk/etc/apps/amp4e_events_input/bin/pika/adapters/blocking_connection.py", line 377, in __init__
    self._process_io_for_connection_setup()
  File "/opt/splunk/etc/apps/amp4e_events_input/bin/pika/adapters/blocking_connection.py", line 417, in _process_io_for_connection_setup
    self._open_error_result.is_ready)
  File "/opt/splunk/etc/apps/amp4e_events_input/bin/pika/adapters/blocking_connection.py", line 469, in _flush_output
    raise maybe_exception
pika.exceptions.ProbableAuthenticationError: (403, 'ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.') 

I don't know what broker logfile it's suggesting I reference, or how to fix this error since the authentication type is hard-coded in the app.  All the errors I'm finding when I search relate to RabbitMQ.

Labels (2)
0 Karma

Space_Crawler
Observer

Hi, I am seeing the same error message. Has anyone been able to resolve this?

0 Karma
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...