All Apps and Add-ons

Process to get required modules & Net/SSLeay.pm for Cisco eStreamer for Splunk app?

jwelsh_splunk
Splunk Employee
Splunk Employee

Don't have a lot of experience with Perl, wanted to make sure I'm following the right process to get the eStreamer app working.

I used CPAN to get the following modules:

Getopt::Long (Getopt-Long-2.42)
Socket (Socket-2.014)
IO::Socket::SSL (IO-Socket-SSL-1.997)
NetAddr::IP (NetAddr-IP-4.075)
Storable (Storable-2.51)

Is this the proper process?

  1. Put the modules in $SPLUNK_HOME/etc/apps/eStreamer/bin/lib - (assume this is the right directory to put these modules?)
  2. For each module I run: 'perl Makefile.PL' 'make' 'make install'
  3. Re-run $SPLUNK_HOME/etc/apps/eStreamer/bin/estreamer_client.pl
  4. Add additional modules from CPAN based on errors that appear from previous step until no more errors occur.

Is this correct?

Also, I followed this procedure and received the following error:

"Can't locate Net/SSLeay.pm in @INC"

I then added Net-SSLeay-1.65 module (with steps above) but received several errors during 'make'. Any suggestion of how to get around this?

Thanks in advance.

0 Karma
1 Solution

jwelsh_splunk
Splunk Employee
Splunk Employee

Turns out modules can be added to the system's libraries, not the eStreamer's local lib dir. Easiest method depends on your Linux OS. (Used this as a reference: unix.stackexchange.com/questions/118725/trouble-installing-apt-on-centos-6-64-bit)

Let say the Net/SSLeay.pm is required.

For Debian based distros use dpkg and APT. Process (commands) would be something like the following:

apt-cache search perl | grep -i Net*SSL*
--Find the library name with Net*SSL in it, copy it, then
apt-get install [perl-lib, pasted from previous step]

*Note your commands may need to be run within your /usr/local/bin, /usr/local/lib, or directory that has your systems perl modules.

For Red Hat based distros use rpm and yum as follows:

yum list perl-Net*SSL
--Find the library name with Net*SSL* in it, copy it, then
yum install [perl-lib found, pasted from previous step]

As the official instructions state (apps.splunk.com/app/1629/) repeat this process for each required library by running $SPLUNK_HOME/etc/apps/eStreamer/bin/estreamer_client.pl until you see something like the following:

[root@localhost bin]# pwd
/opt/splunk/etc/apps/eStreamer/bin
[root@localhost bin]# ./estreamer_client.pl
Usage: estreamer_client.pl [options]
Options:
[-c]onfig=
[-l]ogfile=
[-t]est
[-d]aemon

Hope this helps.

View solution in original post

jwelsh_splunk
Splunk Employee
Splunk Employee

Turns out modules can be added to the system's libraries, not the eStreamer's local lib dir. Easiest method depends on your Linux OS. (Used this as a reference: unix.stackexchange.com/questions/118725/trouble-installing-apt-on-centos-6-64-bit)

Let say the Net/SSLeay.pm is required.

For Debian based distros use dpkg and APT. Process (commands) would be something like the following:

apt-cache search perl | grep -i Net*SSL*
--Find the library name with Net*SSL in it, copy it, then
apt-get install [perl-lib, pasted from previous step]

*Note your commands may need to be run within your /usr/local/bin, /usr/local/lib, or directory that has your systems perl modules.

For Red Hat based distros use rpm and yum as follows:

yum list perl-Net*SSL
--Find the library name with Net*SSL* in it, copy it, then
yum install [perl-lib found, pasted from previous step]

As the official instructions state (apps.splunk.com/app/1629/) repeat this process for each required library by running $SPLUNK_HOME/etc/apps/eStreamer/bin/estreamer_client.pl until you see something like the following:

[root@localhost bin]# pwd
/opt/splunk/etc/apps/eStreamer/bin
[root@localhost bin]# ./estreamer_client.pl
Usage: estreamer_client.pl [options]
Options:
[-c]onfig=
[-l]ogfile=
[-t]est
[-d]aemon

Hope this helps.

mwoya
New Member

thanks, your tips work.

this was the modules that i need to install :

/usr/local/lib# apt-cache search perl | grep -i NetAddr
sudo apt-get install libnetaddr-ip-perl

/usr/local/lib$ apt-cache search perl | grep -i Net.*SSL
sudo apt-get install libnet-ssleay-perl

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...