My question is similar to the below:
http://answers.splunk.com/answers/179701/splunk-db-connect-why-am-i-getting-an-error-config.html
This saga started when I upgraded to 1.2 back on July 17. At the time I was running Java 1.7. Things got a little crazy and I never noticed that I stopped getting data from ePO. Fast forward to this week when I finally noticed that my ePO dashboards weren't working. While troubleshooting, I found that I need to upgrade java to 1.8 as DB Connect 1 version 1.2 didn't work with java 1.7
I upgraded to Java 1.8 and removed versions 1.6 and 1.7. So I now have DB Connect 1 version 1.2 and I also upgraded Splunk Add-on for McAfee to version 2.1.1
Splunk is installed on CentOS 6.5 and McAfee ePO 4.6.9 is running on a Windows 2008R2 server with MSSQL 2008R2.
java bridge is now running just fine.
But here's my problem. I am still not getting any events from ePO.
I've double/triple checked that the domain/username and password are correctly entered. I don't have any errors in splunkd.log, dbx.log or jbridge.log.
However, when I go to the Splunk DB Connect app and go into the Database Info page where it had the Database Tables panel and I click the 'Fetch tables' button, I get nothing back (after, mind you, selecting the correct database in the drop down above).
Also, when I got to Settings- External Databases - mydatabase and try to re-enter the domain/username and password, I get this error:
Encountered the following error while trying to update: In handler 'databases': Error connecting to database: com.ibm.db2.jcc.am.DisconnectNonTransientConnectionException: [jcc][t4][2043][11550][4.19.26] Exception java.net.ConnectException: Error opening socket to server /x.x.x.x on port 3,700 with message: Connection refused. ERRORCODE=-4499, SQLSTATE=08001
And if I go to Settings - Database Inputs - myinput and (without changing anything) click save, I get this error:
Encountered the following error while trying to update: Splunkd daemon is not responding: (u'Error connecting to /servicesNS/-/dbx/dbx/dbmon/dbmon-tail%3A%252F%252Fmcafee_epo_4_db%252Fta_mcafee_epo_4_input: The read operation timed out',)
and finally, if I got to the app itself and go to settings - Splunk DB Connect configuration and click save (with or without changing anything), I get the following error:
Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/dbx/dbx/install/java
I'm wondering what else I can do. The two things I know I have not tried are 1) Uninstall and reinstall DB Connect 1 and 2) Install and use DB Connect 2.
Suggestions?
Thanks.
On wrap up, I have the latest version of DB Connect 1 (1.2.2) and java 1.7 and I finally got the connection working.
1.2.2 says it works with java 1.8, but I'm staying with what works for now....
On wrap up, I have the latest version of DB Connect 1 (1.2.2) and java 1.7 and I finally got the connection working.
1.2.2 says it works with java 1.8, but I'm staying with what works for now....
After you upgraded your java version, did you verify in dbconnect that you configured the app with the new, correct java path? Also, I don't remember dbx2 coming with the jar file for the driver. Take a look at this answers post which clears a couple things up.
http://answers.splunk.com/answers/233188/db-connect-and-java-versions.html
We recently released 1.2.1 with the capability to use Java 7 and 8, to assist with this kind of transition.
I'm at 1.2.1 for DB Connect 1
Disabled DB Connect 1 and tried installing DB Connect 2. Followed the instructions for configuring.
This is what I get now:
If I try MS SQL server using MS Generic Driver with Windows authentication both with and without checking SSL:
Validating connection with URL [jdbc:sqlserver://x.x.x.x:1433;databaseName=DATABASENAME;selectMethod=cursor;integratedSecurity=true;encrypt=true;trustServerCertificate=true] failed: com.microsoft.sqlserver.jdbc.SQLServerException:com.microsoft.sqlserver.jdbc.SQLServerException: This driver is not configured for integrated authentication. ClientConnectionId:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
If I try MS SQL server using MS Generic Driver both with and without SSL
Validating connection with URL [jdbc:sqlserver://x.x.x.x:1433;databaseName=DATABASENAME;selectMethod=cursor;encrypt=true;trustServerCertificate=true] failed: com.microsoft.sqlserver.jdbc.SQLServerException:com.microsoft.sqlserver.jdbc.SQLServerException: Login failed for user 'DOMAIN/username'. ClientConnectionId:XXXXXXXXXXXXXXXXXX
does the DOMAIN/username account exist in your MSSQL instance and does it have access rights to the ePO database?
Yes. Verified by using MS SQL Studio Manager and connecting to the DB that way.
hi!
do you resolve your problem?
I have same error.
No, I now have a support ticket in. Also, I upgraded from 6.2 to 6.3 and that broke other things (sigh) and I have a ticket in for that. If/when this gets fixed, I'll post an update. (on a side note, I've had problems connecting to ePOs DB with other SIEMs as well)
ePO database seems to have been causing everyone else issues for year. When will McAfee ever wise up and include an option to dump a copy of log files to filesystem like Symantec (one of the only features that I really like about their AV management console)
I can telnet to that port and it accepts that connection.
The path is right.
putting the driver .jar files didn't help.
I'm going to try and install DBX2 to see if that works...
I've always had issues getting dbx v2 to tail rising column correctly and never had that issue with dbx 1.x