All Apps and Add-ons

DBX App - failed to connect to mssql database by using SSL (ssl is enforced on database server) - jbridge not running

oHable
Explorer

Hallo,

whenever i try to make a database connection to an mssql server, i get the following error reported in /opt/splunk/var/log/splunk/jbridge.log and my database connection fails.
I can do a successful database connection by using a commandline tool, so needed ports of the database connection are not filtered by a firewall and user credentials are ok.

I added the property -Djsse.enableCBCProtection=false into java.conf cause of some mssql java ssl errors which should be fixed by this property.

Any ideas what's going wrong?

Sincerely oliver ...

--- begin logfile entries ---

2012-12-10 15:13:50,277 INFO Started JavaBridgeServer PID=15459
2012-12-10 15:13:50,277 DEBUG starting pid watcher...
2012-12-10 15:13:51,178 ERROR Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: java.io.IOException: Server returned HTTP response code: 401 for URL: https://127.0.0.1:8089/servicesNS/nobody/-/admin/conf-java?count=10000 at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:195) at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:203) at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32) at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40) at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:307) at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128) at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://127.0.0.1:8089/servicesNS/nobody/-/admin/conf-java?count=10000 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1491) at java.security.AccessController.doPrivileged(Native Method) at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1485) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1139) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) at com.splunk.rest.Response.getContent(Response.java:49) at com.splunk.rest.Response.readXML(Response.java:57) at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:193) ... 6 more Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://127.0.0.1:8089/servicesNS/nobody/-/admin/conf-java?count=10000 at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318) at com.splunk.rest.Response.(Response.java:26)

--- end logfile entries ---

cat /opt/splunk/etc/apps/dbx/local/java.conf

[java]

home = /usr/lib/jvm/java-1.6.0-sun-1.6.0.37.x86_64/jre

options = -Xmx256m -Djsse.enableCBCProtection=false -Dfile.encoding=UTF-8 -server -Duser.language=en -Duser.region=

[bridge]

addr = 127.0.0.1

port = 17865

threads = 10

debug = true

[logging]

level = DEBUG

file = dbx.log

console = false

logger.com.splunk.dbx = DEBUG

--- dbx.log ---

2012-12-10 15:13:50.513 main:INFO:Splunkd - Initialized Splunkd REST service service=127.0.0.1:8089 sessionKey=081aa8bc1b2803b4e55495be79a65c34
2012-12-10 15:13:50.515 main:DEBUG:PersistentValueStoreFactory - Default type xstream
2012-12-10 15:13:50.516 main:DEBUG:PersistentValueStoreFactory - Adding type=jdbm class=com.splunk.persistence.impl.JdbmStore
2012-12-10 15:13:50.516 main:DEBUG:PersistentValueStoreFactory - Adding type=xstream class=com.splunk.persistence.impl.XStreamStore
2012-12-10 15:13:50.519 main:DEBUG:XStreamStore - Initialized XStreamStore at /opt/splunk/var/lib/splunk/persistentstorage/dbx/global/state.xml
2012-12-10 15:13:50.615 main:DEBUG:XStreamStore - Loading state from XML file...
2012-12-10 15:13:50.652 main:DEBUG:SplunkContext - Initialized configuration adapter: com.splunk.config.cache.CachedConfigurationAdapter@9a082e2
2012-12-10 15:13:50.654 main:INFO:SplunkContext - Splunk Context initialized: SplunkContext{env=SplunkEnvironment{SPLUNK_HOME=/opt/splunk,SPLUNK_DB=/opt/splunk/var/lib/splunk}}
2012-12-10 15:13:50.656 main:DEBUG:Splunkd - Performing Splunkd Request: RESTRequest{GET admin/conf-java}

--- end dbx.log ---

1 Solution

ziegfried
Influencer

From the log snippets you provided it doesn't sound like a connection problem to the database server. It seems like DB Connect is not able to fetch Splunk configuration via REST.

2 Questions:

  • Did you remove the admin user?
  • Or did you change the permissions/roles of the admin user?

If you did, then you'll need to change the scripted input that starts the DB Connect daemon. In $SPLUNK_HOME/etc/apps/dbx/local/inputs.conf you will find a scripted input stanza like this:

[script://$SPLUNK_HOME/etc/apps/dbx/bin/jbridge_server.py]
disabled = 0

You need to add the passAuth parameter to it, with a user that has admin-role (or equivalent) permissions. If you don't have such a user, you'll need to create it.

Example with a user called "dbconnect"

[script://$SPLUNK_HOME/etc/apps/dbx/bin/jbridge_server.py]
disabled = 0
passAuth = dbconnect

View solution in original post

ziegfried
Influencer

From the log snippets you provided it doesn't sound like a connection problem to the database server. It seems like DB Connect is not able to fetch Splunk configuration via REST.

2 Questions:

  • Did you remove the admin user?
  • Or did you change the permissions/roles of the admin user?

If you did, then you'll need to change the scripted input that starts the DB Connect daemon. In $SPLUNK_HOME/etc/apps/dbx/local/inputs.conf you will find a scripted input stanza like this:

[script://$SPLUNK_HOME/etc/apps/dbx/bin/jbridge_server.py]
disabled = 0

You need to add the passAuth parameter to it, with a user that has admin-role (or equivalent) permissions. If you don't have such a user, you'll need to create it.

Example with a user called "dbconnect"

[script://$SPLUNK_HOME/etc/apps/dbx/bin/jbridge_server.py]
disabled = 0
passAuth = dbconnect

View solution in original post

hemendralodhi
Contributor

This is great solution. Saved my Day!!

0 Karma

dvb
Path Finder

For us explicitly setting passAuth=admin(which is the local admin, not one from LDAP) worked.
So it seems that by default dbx is not taking the local admin (but probably the local system user as is the default)

0 Karma

oHable
Explorer

Hallo,

Problem solved:

[script://$SPLUNK_HOME/etc/apps/dbx/bin/jbridge_server.py]
disabled = 0
passAuth = aUserWithAdminPrivs

big thanks for the fast response and help.

sincerely oliver

0 Karma

hvandenb
Path Finder

We're getting the same error we have the admin user and tried to create another user. The only difference here is that we have LDAP authentication. Not sure if that matters.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!