All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to troubleshoot why the SOC Prime SSL Framework for Splunk app is not working?

PHanton
New Member
‎06-16-2016 03:42 AM

I'm trying to get the SOC SSL Framework app working, but just nothing is happening.
How do I start to debug this?

0 Karma
Reply

jamesarmitage
Path Finder
‎07-08-2016 10:06 AM

You need to have a ssl_framework index, or override the destination of the logged events by creating your own indexes.conf and savedsearches.conf in the /local directory of the app.

You can manually trigger a report with the command:

/opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/SOCPrimeSSLFramework/bin/ssl-framework-report.py -c /opt/splunk/etc/apps/SOCPrimeSSLFramework/default/sslframework.conf

You can monitor the reporting progress by following the app's own logfile:

tail -f /opt/splunk/etc/apps/SOCPrimeSSLFramework/bin/ssl-framework-report.log

It seems to take 2-3 minutes per server for the report to be generated. After the scan is finished then an output file is written to /opt/splunk/etc/apps/SOCPrimeSSLFramework/reports. I found that after the initial install, the app didn't schedule a scan until around 12 hours later, so the dashboard was blank unless I manually ran a report using the command above.

Application error events are in the splunkd.log, you can monitor for them by watching:

tail -f /opt/splunk/var/log/splunk/splunkd.log | grep SOCPrimeSSLFramework

You can also do this through the Splunk search interface, by using the search index=_internal SOCPrimeSSLFramework and then filtering your results as needed.

Reply

alexverb
Engager
‎07-01-2016 05:24 AM

Hi PHanton, During 1 day your domains will be scanned and data from SSL labs could be pushed into your splunk. Also pls check python requirements (in install guide). You can manualy start script and collect data from comand line:
python $SPLUNK_HOME/etc/apps/SOCPrimeSSLFramework/bin/ssl-framework-report.py -c '$SPLUNK_HOME/etc/apps/SOCPrimeSSLFramework/default/sslframework.conf'

If you have more questions pls mail to dev@socprime.com
Regards,
Alex

0 Karma
Reply

PHanton
New Member
‎06-16-2016 07:43 AM

using Splunk 6.4

0 Karma
Reply
Get Updates on the Splunk Community!

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

Overview Transport Layer Security (TLS) is a security communications protocol that lets two computers, ...

New Customer Testimonials

Enterprises of all sizes and across different industries are accelerating cloud adoption by migrating ...