Splunk Add-on for Cisco IPS: Why am I getting "HTTP Error 401: Unauthorized"?

vinchakov_a
Path Finder
Thu Apr  9 09:12:16 2015 - ERROR - Attempting to re-connect to the sensor: 172.16.23.50
Thu Apr  9 09:12:19 2015 - INFO - Checking for existing SubscriptionID on host: 172.16.23.50
Thu Apr  9 09:12:19 2015 - INFO - Attempting to connect to sensor: 172.16.23.50
Thu Apr  9 09:12:19 2015 - INFO - Successfully connected to: 172.16.23.50
Thu Apr  9 09:12:38 2015 - ERROR - Exception thrown in sdee.get(): Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_cisco-ips/bin/get_ips_feed.py", line 113, in run
    sdee.get()
  File "/opt/splunk/etc/apps/Splunk_TA_cisco-ips/bin/pysdee/pySDEE.py", line 211, in get
    self._request(params, **kwargs)
  File "/opt/splunk/etc/apps/Splunk_TA_cisco-ips/bin/pysdee/pySDEE.py", line 163, in _request
    data = urllib2.urlopen(req)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 127, in urlopen
    return _opener.open(url, data, timeout)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 410, in open
    response = meth(req, response)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 523, in http_response
    'http', request, response, code, msg, hdrs)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 448, in error
    return self._call_chain(*args)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 382, in _call_chain
    result = func(*args)
  File "/opt/splunk/lib/python2.7/urllib2.py", line 531, in http_error_default
    raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)
HTTPError: HTTP Error 401: Unauthorized
Thu Apr  9 09:12:38 2015 - ERROR - Attempting to re-connect to the sensor: 172.16.23.50
Thu Apr  9 09:12:42 2015 - INFO - Checking for existing SubscriptionID on host: 172.16.23.50
Thu Apr  9 09:12:42 2015 - INFO - Attempting to connect to sensor: 172.16.23.50
Thu Apr  9 09:12:42 2015 - INFO - Successfully connected to: 172.16.23.50
0 Karma

jcoates_splunk
Splunk Employee

There are two potential reasons:
- The device wants a different SSL or TLS configuration than you're using. Make sure you're on the latest Add-on and latest device firmware, and double-check configurations.
- The device is busy and not giving a good error message.

0 Karma

bmas10
Explorer

I am seeing the same errors on devices that aren't busy and have been configured to use TLSv1_1 in pySDEE.py. Still no love. Any other ideas?

0 Karma
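
An added triage example, not part of any post in this thread and not the add-on's own code: it parses the log format shown in the question and lists each cycle where the connect succeeded but the following sdee.get() call failed, with the HTTP status and the delay. The sample log is abridged from the question, and the function names `parse` and `failed_cycles` are hypothetical.

```python
import re
from datetime import datetime

# Log format used by the add-on in the question: "<ctime timestamp> - LEVEL - message"
LINE_RE = re.compile(r"^(\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d \d{4}) - (\w+) - (.*)$")
HTTP_RE = re.compile(r"HTTP Error (\d{3})")

# Sample input abridged from the log posted in the question (traceback shortened).
SAMPLE_LOG = """\
Thu Apr  9 09:12:19 2015 - INFO - Attempting to connect to sensor: 172.16.23.50
Thu Apr  9 09:12:19 2015 - INFO - Successfully connected to: 172.16.23.50
Thu Apr  9 09:12:38 2015 - ERROR - Exception thrown in sdee.get(): Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_cisco-ips/bin/pysdee/pySDEE.py", line 163, in _request
    data = urllib2.urlopen(req)
HTTPError: HTTP Error 401: Unauthorized
Thu Apr  9 09:12:38 2015 - ERROR - Attempting to re-connect to the sensor: 172.16.23.50
Thu Apr  9 09:12:42 2015 - INFO - Successfully connected to: 172.16.23.50
"""

def parse(log_text):
    """Return [(timestamp, level, message)], folding traceback lines into their record."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            stamp = " ".join(m.group(1).split())  # collapse the padded day ("Apr  9")
            ts = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
            events.append((ts, m.group(2), m.group(3)))
        elif events and line.strip():
            ts, level, msg = events[-1]
            events[-1] = (ts, level, msg + " " + line.strip())
    return events

def failed_cycles(events):
    """Return [(sensor, http_status, seconds_after_connect)] for each sdee.get() failure
    that follows a successful connect (the sensor is taken from that connect line)."""
    out, connected = [], None
    for ts, level, msg in events:
        if msg.startswith("Successfully connected to:"):
            connected = (msg.split(": ", 1)[1].strip(), ts)
        elif level == "ERROR" and "sdee.get()" in msg and connected:
            code = HTTP_RE.search(msg)
            status = int(code.group(1)) if code else None
            out.append((connected[0], status, (ts - connected[1]).total_seconds()))
            connected = None
    return out

if __name__ == "__main__":
    for sensor, status, delay in failed_cycles(parse(SAMPLE_LOG)):
        print(f"{sensor}: HTTP {status} {delay:.0f}s after a successful connect")
```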