- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Cisco eStreamer eNcore for Splunk On Ubuntu
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cisco eStreamer eNcore for Splunk On Ubuntu
I've been trying tirelessly to get this to work on Ubuntu 20. My process so far:
1. Install Splunk with the deb package. Seems to work just fine.
2. Login to Splunk and install the eStreamer eNcore. No issues here.
3. Enable all the data inputs file and scripts. No issues here.
4. Jump to the CLI and attempt to get into the /opt/splunk/etc/apps/TA-eSteamer directory. Turns out splunk installed this but its root:root. I changed it to splunk:splunk and 755 like all the other apps. DOesn't appear to cause any harm and lets me in.
5. Edit the splencore.sh for the home directory.
6. Copy in the client.pkcs12 and
7. Run the sudo ./splencore.sh test.
8. Run the commands for the openssl that .splencore.sh says to run. No issues here. Generates the files in the encore directory with the IP of the FMC.
9. Run the sudo ./splencore.sh test again.
Here is where I get the error I can not fix or get past. Below you will see I'm using the pyton2.7 where the latest splunk uses python 3.7. I changed this in the .splencore.sh pybin var because I saw others stating 2.7 was needed. It however didn't fix anything for me.
ERROR:root:code for hash sha1 was not found.
Traceback (most recent call last):
File "/opt/splunk/lib/python2.7/hashlib.py", line 147, in <module>
globals()[__func_name] = __get_hash(__func_name)
File "/opt/splunk/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type sha1
Traceback (most recent call last):
File "./estreamer/preflight.py", line 34, in <module>
import estreamer.crossprocesslogging
File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/__init__.py", line 28, in <module>
from estreamer.connection import Connection
File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/connection.py", line 23, in <module>
import ssl
File "/opt/splunk/lib/python2.7/ssl.py", line 98, in <module>
import _ssl # if we can't import it, let the error propagate
ImportError: libssl.so.1.0.0: cannot open shared object file: No such file or directory
Any help would be appreciated. I've rebuilt this thing so many times and tried everything I can think of.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've been having the same issue, slightly different error, but the same "ImportError: libssl.so.1.0.0: cannot open shared object file: No such file or directory" at the end.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try setting the LD_LIBRARY_PATH, https://www.cisco.com/c/en/us/td/docs/security/firepower/670/api/eStreamer_enCore/eStreamereNcoreSpl... - section 4.3
Enterprise Security Content Update (ESCU) | New Releases
Detecting Remote Code Executions With the Splunk Threat Research Team
Observability | Use Synthetic Monitoring for Website Metadata Verification
