I just installed version 2.1.2 and I just did the setup.
I have a problem connecting to my sensor. Following the documentation (http://docs.splunk.com/Documentation/AddOns/latest/CiscoIPS/Troubleshooting), I searched in Splunk (v 6.2.0) for index="_internal" sourcetype="sdee_connection" and I see the following entries :
Mon Jan 12 14:09:08 2015 - INFO - Successfully connected to: sensor.domain.net
Mon Jan 12 14:09:04 2015 - ERROR - Attempting to re-connect to the sensor: sensor.domain.net
Mon Jan 12 14:09:04 2015 - ERROR - Exception thrown in sdee.get(): HTTPError: HTTP Error 401: Unauthorized
Mon Jan 12 14:08:47 2015 - INFO - host="sensor.domain.net" SessionID="9ca3b03d1b5b4fbc05649fdbdd0e997f" SubscriptionID="sub-4-541d4a3b"
Mon Jan 12 14:08:47 2015 - INFO - Successfully connected to: sensor.domain.net
Mon Jan 12 14:08:41 2015 - INFO - Successfully connected to: sensor.domain.net
Mon Jan 12 14:08:41 2015 - INFO - Attempting to connect to sensor: sensor.domain.net
Mon Jan 12 14:08:41 2015 - INFO - No exsisting SubscriptionID for host: sensor.domain.net
I manually tried to connect with a web browser : it works using https://sensor.domain.net and the same credentials entered during setup. The certificate is self signed on the sensor so I get the usual warnings.
Any idea what the problem is?
Hi,
Please open a support ticket so that we can get debug logs. Between POODLE and Heartbleed and a few other gotchas, secured connections to appliances are going through a lot of flux right now.