All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cisco Security Suite - cannot configure

pil321
Communicator
‎01-09-2018 09:44 AM

I've just installed Cisco Security Suite (v 3.1.2) on Splunk (v 7.0.1).

When I launch the app, it takes me to the 'App configuration' screen. I click on the 'Continue to app setup page' button and I get this:

500 Internal Server Error

View more information about your request (request ID = 5a54fe1e947fcd584de350) in Search

When I click on the 'View.....' link above, the search has no results.

Any ideas?

Reply

mwisniewski9
Explorer
‎02-14-2018 11:17 AM

Hello,

I had the exact same issue today on splunk 7.0.1. I did increase the search time as others have recommended but what finally solved it seems to be is just skipping the setup configuration page. I'm only monitoring Cisco ASA and IOS devices

I followed the instructions in this thread. and set my etc/apps/Splunk_CiscoSecuriySuite/local/app.conf for is_configured = true
https://answers.splunk.com/answers/12702/splunk-cisco-security-suite.html

0 Karma
Reply

Anam
Community Manager
Community Manager
‎02-14-2018 11:26 AM

Hello mwisniewski9

This question was posted a little over a month ago, it would be best to post a brand new question to get maximum exposure and help for your problem. If the answers here weren't able to solve your problem, please post a new question.

Thanks

0 Karma
Reply

mwisniewski9
Explorer
‎02-14-2018 12:02 PM

I am trying to submit my response as an answer to their problem. What would be the best way to do that. I had the same issue.

0 Karma
Reply

Anam
Community Manager
Community Manager
‎02-14-2018 12:17 PM

Hi mwisniewski9

Thank you for answering! I just converted your comment into an answer.

0 Karma
Reply

mwisniewski9
Explorer
‎02-14-2018 12:27 PM

Thanks! I appreciate it 🙂

0 Karma
Reply

p_gurav
Champion
‎01-10-2018 02:25 AM

Hi pil321,

Please refer below link:
https://answers.splunk.com/answers/451423/cisco-security-suite-312-after-installation-are-we.html

Reply

pil321
Communicator
‎01-10-2018 04:10 AM

Thanks for your reply p_gurav.

Unfortunately, this did not work for me.

0 Karma
Reply

p_gurav
Champion
‎01-10-2018 04:35 AM

Could you please check app permission in app manager?

0 Karma
Reply

pil321
Communicator
‎01-10-2018 06:21 AM

Everyone has read permissions. Admin has write permissions.

0 Karma
Reply

p_gurav
Champion
‎01-10-2018 06:33 AM

ohh!! Because in app document they said:

Known Issues

3.1.2
- Package name still has "Splunk_" prefix. This is required if keeping same Splunkbase path yet this app is no longer Splunk supported
- splunkdConnectionTimeout may still need to be set artificially high on some systems for the setup experience

Could you also check in index=_internal logs to find root cause..

0 Karma
Reply

p_gurav
Champion
‎01-10-2018 06:41 AM

Also try Option 2 specified in this thread:

https://answers.splunk.com/answers/523408/cisco-security-suite-setup-failure.html

0 Karma
Reply

p_gurav
Champion
‎01-10-2018 04:41 AM

Also can you tell me what value you set for Timeout? Did You restart splunk service after that?

0 Karma
Reply

pil321
Communicator
‎01-10-2018 06:22 AM

Timeout is 300. Splunk service was restarted.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...