I downloaded the Palo Alto Networks Add-on to pull down feeds from the MineMeld Service. I have configured the Palo Alto TA with the relevant credentials and output node feed URL's as per our configuration. I have configured proxy settings and can confirm that my instance is attempting a connection. However I noted that when the Palo Alto TA runs to fetch this, I note on the proxy that the "connectionpool.py" in the "Splunk_TA_paloalto_minemeld_feed.log" is starting new HTTPS requests to the loop back adapter (i.e. 127.0.0.1).
I have other TA's installed that have their own proxy configurations and these tend to work as expected. Any thoughts on what might be happening here?
"MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\modinput_wrapper\base_modinput.py", line 127, in stream_events
self.collect_events(ew)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\minemeld_feed.py", line 72, in collect_events
input_module.collect_events(self, ew)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 78, in collect_events
kvs_entries = pull_from_kvstore(helper, name, start, stats)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 45, in inner
ret_val = func(*args)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\input_module_minemeld_feed.py", line 120, in pull_from_kvstore
parameters={'query': json.dumps({'splunk_source': name})})
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\modinput_wrapper\base_modinput.py", line 476, in send_http_request
proxy_uri=self._get_proxy_uri() if use_proxy else None)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\splunk_aoblib\rest_helper.py", line 43, in send_http_request
return self.http_session.request(method, url, **requests_args)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 390, in send
conn = self.get_connection(request.url, proxies)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 290, in get_connection
proxy_manager = self.proxy_manager_for(proxy)
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 184, in proxy_manager_for
**proxy_kwargs
File "MYINSTALL\etc\apps\Splunk_TA_paloalto\bin\splunk_ta_paloalto\requests\adapters.py", line 43, in SOCKSProxyManager
raise InvalidSchema("Missing dependencies for SOCKS support.")
InvalidSchema: Missing dependencies for SOCKS support.
DateTimeStamp,039 INFO pid=183272 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
DateTimeStamp,352 INFO pid=154016 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
DateTimeStamp,655 INFO pid=16340 tid=MainThread file=connectionpool.py:_new_conn:758 | Starting new HTTPS connection (1): 127.0.0.1
Anyone come across this?