All Apps and Add-ons

Splunk Add-on for Cisco IPS 2.1.2: Why am I getting errors connecting to the sensor?

louis_poulin
Engager

I just installed version 2.1.2 and I just did the setup.

I have a problem connecting to my sensor. Following the documentation (http://docs.splunk.com/Documentation/AddOns/latest/CiscoIPS/Troubleshooting), I searched in Splunk (v 6.2.0) for index="_internal" sourcetype="sdee_connection" and I see the following entries :

Mon Jan 12 14:09:08 2015 - INFO - Successfully connected to: sensor.domain.net
Mon Jan 12 14:09:04 2015 - ERROR - Attempting to re-connect to the sensor: sensor.domain.net
Mon Jan 12 14:09:04 2015 - ERROR - Exception thrown in sdee.get(): HTTPError: HTTP Error 401: Unauthorized
Mon Jan 12 14:08:47 2015 - INFO - host="sensor.domain.net" SessionID="9ca3b03d1b5b4fbc05649fdbdd0e997f" SubscriptionID="sub-4-541d4a3b"
Mon Jan 12 14:08:47 2015 - INFO - Successfully connected to: sensor.domain.net
Mon Jan 12 14:08:41 2015 - INFO - Successfully connected to: sensor.domain.net
Mon Jan 12 14:08:41 2015 - INFO - Attempting to connect to sensor: sensor.domain.net
Mon Jan 12 14:08:41 2015 - INFO - No exsisting SubscriptionID for host: sensor.domain.net

I manually tried to connect with a web browser : it works using https://sensor.domain.net and the same credentials entered during setup. The certificate is self signed on the sensor so I get the usual warnings.

Any idea what the problem is?

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Hi,

Please open a support ticket so that we can get debug logs. Between POODLE and Heartbleed and a few other gotchas, secured connections to appliances are going through a lot of flux right now.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...