All Apps and Add-ons

Cisco Security Suite Setup Failure

edwardrose
Contributor

Hello All

I have Splunk Enterprise 6.5.2 and Cisco Security Suite 3.1.2. I also have TAs for ASA, ESA and WSA installed. When I launch the Cisco Security Suite app it goes to the config page and when I click continue to app setup page I get an error.

404 Not Found

Return to Splunk home page
Page not found!
View more information about your request (request ID = 58ff9ebd527f7a53201490) in Search

This page was linked to from https://splk-srch-01.wv.mentorg.com:8000/en-US/app/Splunk_CiscoSecuritySuite/.

I do not see any other issues or errors. I have tried to follow the instructions from the following link but it fails as well.

https://answers.splunk.com/answers/12702/splunk-cisco-security-suite.html?utm_source=typeahead&utm_m...

Does anyone have any idea why it isn't working or how to fix it?

thanks

0 Karma
1 Solution

alacercogitatus
SplunkTrust
SplunkTrust

Basically, the app is timing out because it does an initial data sweep prior to start configuration.

There are two options: increase timeout, or edit python to bypass the jobs that run against your data. If you are a very large environment, just do option two, edit the python. Option 1 will work if let it run long enough.

More details are over here: https://answers.splunk.com/answers/409761/why-am-i-getting-a-404-error-when-i-try-to-set-up.html.

Option 1

Edit: /opt/splunk/etc/system/local/web.conf

splunkdConnectionTimeout = 1400

Option 2

Edit: Splunk_CiscoSecuritySuite/bin/css_setup_handler.py

alter the lines looking like info['asa_count'] = 0 to= 1 instead where a feature should be installed.
REMOVE all lines that look like that are running search jobs.

Restart Splunk.

View solution in original post

eidil
Explorer

You can edit the app.conf file. Search for the install stanza and change:

is_configured = true

0 Karma

alacercogitatus
SplunkTrust
SplunkTrust

Basically, the app is timing out because it does an initial data sweep prior to start configuration.

There are two options: increase timeout, or edit python to bypass the jobs that run against your data. If you are a very large environment, just do option two, edit the python. Option 1 will work if let it run long enough.

More details are over here: https://answers.splunk.com/answers/409761/why-am-i-getting-a-404-error-when-i-try-to-set-up.html.

Option 1

Edit: /opt/splunk/etc/system/local/web.conf

splunkdConnectionTimeout = 1400

Option 2

Edit: Splunk_CiscoSecuritySuite/bin/css_setup_handler.py

alter the lines looking like info['asa_count'] = 0 to= 1 instead where a feature should be installed.
REMOVE all lines that look like that are running search jobs.

Restart Splunk.

nmiller_splunk
Splunk Employee
Splunk Employee

The need to increase the timeout is explicitly called out in the release notes Cisco Security Suite details here: https://splunkbase.splunk.com/app/525/#/details

Known Issues
===
3.1.2
- Package name still has "Splunk_" prefix. This is required if keeping same Splunkbase path yet this app is no longer Splunk supported
- splunkdConnectionTimeout may still need to be set artificially high on some systems for the setup experience

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...