All Apps and Add-ons

IPS app not working.

rblalock
New Member

I had it working, barely. One IPS module was reporting even though I had six I was trying to get data from. So I installed an update that appeared in the manager and that broke the app completely. I deleted the app folder and restarted Splunk, then I tried a fresh install of the app. Now I get a message that says the app is awaiting setup. I click the setup link and am prompted for the ip and credentials to add the sensor. When I enter the information and click save, I get this message.

Encountered the following error while trying to update: In handler 'localapps': Failed to search for existing Cisco IPS Sensor credential in app.conf!

I've no idea what this means. I hope somebody can help me.

Tags (2)
0 Karma

rblalock
New Member

Where is local/app.conf?

The server is Ubuntu.

0 Karma

andrew_garvin
Path Finder

What operating system are you running on your Splunk server?

I tried to reproduce the error myself, but I can't. I tried removing and readding the app several different ways, but it worked every time. Here are a few things you can try.

  1. Check permissions on local/app.conf
  2. Are there any strange/foreign characters in local/app.conf?
  3. Add a blank local/app.conf if one does not exist
  4. Restart Splunkd
0 Karma

andrew_garvin
Path Finder

Sorry, I meant $SPLUNK_HOME\etc\apps\Splunk_CiscoIPS\local\app.conf

0 Karma

rblalock
New Member

Where is local/app.conf?

The server is Ubuntu.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...