
Cisco Security Suite app and add ons install

Starlette
Contributor

When installing the new Cisco security app and add-ons, you get this error during tar:

implausibly old time stamp 1970-01-01 01:00:00


Splunk_CiscoIPS/default/data/ui/views/ips_overview.xml
tar: Splunk_CiscoIPS/default/data/ui/views/ips_overview.xml: implausibly old time stamp 1970-01-01 01:00:00
Splunk_CiscoIPS/default/data/ui/views/rt_ips.xml
tar: Splunk_CiscoIPS/default/data/ui/views/rt_ips.xml: implausibly old time stamp 1970-01-01 01:00:00
Splunk_CiscoIPS/default/eventtypes.conf
tar: Splunk_CiscoIPS/default/eventtypes.conf: implausibly old time stamp 1970-01-01 01:00:00
Splunk_CiscoIPS/default/inputs.conf
tar: Splunk_CiscoIPS/default/inputs.conf: implausibly old time stamp 1970-01-01 01:00:00
Splunk_CiscoIPS/default/macros.conf
tar: Splunk_CiscoIPS/default/macros.conf: implausibly old time stamp 1970-01-01 01:00:00
Splunk_CiscoIPS/default/props.conf
tar: Splunk_CiscoIPS/default/props.conf: implausibly old time stamp 1970-01-01 01:00:00
Splunk_CiscoIPS/default/restmap.conf
tar: Splunk_CiscoIPS/default/restmap.conf: implausibly old time stamp 1970-01-01 01:00:00
Splunk_CiscoIPS/default/savedsearches.conf
tar: Splunk_CiscoIPS/default/savedsearches.conf: implausibly old time stamp 1970-01-01 01:00:00
Splunk_CiscoIPS/default/setup.xml

After that the conf files are R only, so you can't change anything (by default with the GUI). Can I ignore the messages (and change the file rights to RW), or am I running into trouble and do I have to wait for a Splunk fix?

0 Karma

LukeMurphey
Champion

Implausibly Old Timestamps

The root cause for the implausibly old time stamp issue has been identified and will be addressed in a maintenance release of the app (reference issue SOLN-949).

Read-Only Conf Files

You should not edit the configuration files under the default directory. Instead, you can override the default conf file settings by creating a conf file with the same name under the local directory with the parameters you want to change.

For example, the Cisco Security Suite app ships with an app.conf file under default (etc/apps/Splunk_CiscoSecuritySuite/default/app.conf) that includes the following:

[install]
state = enabled
is_configured = false
build = 96705

Once you configure the app in the Splunk UI, Splunk overrides the "is_configured" field by making a local conf file (etc/apps/Splunk_CiscoSecuritySuite/local/app.conf) that overrides the is_configured field:

[install]
is_configured = true

The local version takes precedence over the default conf file; thus, Splunk acts the same as if the default app.conf file had been modified and is_configured will be considered to have a value of "true".

It is important to edit the local conf files because the settings you put under the local directory will persist after an upgrade. However, settings made in the default directory are not upgrade safe.

Source: Splunk Docs
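
The default/local layering described in the answer above, as an added example that is not part of the original post or of Splunk's own code. It models only the two directories discussed here (Splunk's full precedence order has more layers), and the function names and the temporary app directory are constructed for illustration:

```python
import os
import tempfile


def parse_conf(path):
    """Parse a Splunk-style .conf file into {stanza: {key: value}}."""
    stanzas, current = {}, "default"
    if not os.path.exists(path):
        return stanzas
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("[") and line.endswith("]"):
                current = line[1:-1]
                stanzas.setdefault(current, {})
            elif "=" in line:
                key, value = line.split("=", 1)
                stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas


def effective_conf(app_dir, conf_name):
    """Layer local/<conf> over default/<conf>; return {stanza: {key: (value, layer)}}."""
    merged = {}
    for layer in ("default", "local"):  # the later layer wins per key
        for stanza, settings in parse_conf(os.path.join(app_dir, layer, conf_name)).items():
            for key, value in settings.items():
                merged.setdefault(stanza, {})[key] = (value, layer)
    return merged


def demo():
    """Build a constructed app directory mirroring the app.conf snippets above."""
    app_dir = os.path.join(tempfile.mkdtemp(), "Splunk_CiscoSecuritySuite")
    files = {
        "default": "[install]\nstate = enabled\nis_configured = false\nbuild = 96705\n",
        "local": "[install]\nis_configured = true\n",
    }
    for layer, body in files.items():
        os.makedirs(os.path.join(app_dir, layer))
        with open(os.path.join(app_dir, layer, "app.conf"), "w", encoding="utf-8") as fh:
            fh.write(body)
    return effective_conf(app_dir, "app.conf")


if __name__ == "__main__":
    for stanza, settings in demo().items():
        for key, (value, layer) in settings.items():
            print(f"[{stanza}] {key} = {value}  (from {layer})")
```

Only the key set in local is overridden; the other keys in the same stanza still come from default, which is why a local file needs to contain just the settings being changed.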
