Splunk Add-on for Cisco IPS, I can't get any data.

wuhenzhe · ‎03-08-2015

pySDEE.py ：
req = urllib2.Request("%s?%s" % (self._uri, params))
req.add_header('Authorization', "BASIC %s" % (self._b64pass))
data = urllib2.urlopen(req)
self._response = data.read()
获取出来的数据为

<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns="http://www.cisco.com/cids/2006/08/cidee" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:sd="http://example.org/2003/08/sdee" xmlns:cid="http://www.cisco.com/cids/2006/08/cidee"><env:Header><sd:oobInfo><sd:sessionId>9b39b7e6f010d79497aed75b8acd832e</sd:sessionId></sd:oobInfo></env:Header><env:Body><sd:subscriptionId>sub-18-d35d11f3</sd:subscriptionId></env:Body></env:Envelope>

即使有数据也是这样的，请问这是出了什么问题。我通过Cisco的软件去查看是有数据的。

satishsdange · ‎03-09-2015

I presume you have followed Splunk doc for setting up Cisco IPS as data source. http://docs.splunk.com/Documentation/AddOns/released/CiscoIPS/Configureinputs

If you still face any problem, please share inputs.conf, output of index=_internal tcpoutputproc error *.py

Splunk Add-on for Cisco IPS, I can't get any data.

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023