All Apps and Add-ons

Splunk Add-on for Cisco IPS, I can't get any data.

Engager

pySDEE.py :
req = urllib2.Request("%s?%s" % (self.uri, params))
req.add
header('Authorization', "BASIC %s" % (self.b64pass))
data = urllib2.urlopen(req)
self.
response = data.read()
获取出来的数据为

<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns="http://www.cisco.com/cids/2006/08/cidee" xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:sd="http://example.org/2003/08/sdee" xmlns:cid="http://www.cisco.com/cids/2006/08/cidee"><env:Header><sd:oobInfo><sd:sessionId>9b39b7e6f010d79497aed75b8acd832e</sd:sessionId></sd:oobInfo></env:Header><env:Body><sd:subscriptionId>sub-18-d35d11f3</sd:subscriptionId></env:Body></env:Envelope>

即使有数据也是这样的,请问这是出了什么问题。我通过Cisco的软件去查看是有数据的。

0 Karma

Builder

I presume you have followed Splunk doc for setting up Cisco IPS as data source. http://docs.splunk.com/Documentation/AddOns/released/CiscoIPS/Configureinputs

If you still face any problem, please share inputs.conf, output of index=_internal tcpoutputproc error *.py

0 Karma