Re: Splunk Add-on for Cisco IPS: Why am I getting ...

jean_tomaz · ‎11-12-2014

Hi,

I have an issue adding new Cisco IPS Sensor.

The following message is appearing:

"Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/Splunk_TA_cisco-ips/admin/cisco_ips_setup/cisco_ips_setup_settings".

I need help, please.

Thanks a lot.

jcoates_splunk · ‎03-14-2015

Quick update -- 2.1.2 solved most of the SSL problems, but there's a couple of last ones we're nailing down for a new maintenance release. There is an interesting problem with these where the IPS only supports a few connections at a time, so there can be times where we're making a perfectly valid request and still get told no.

jmcrabb · ‎12-15-2014

I saw this issue when I had tried copying the app's etc/local directory from a Windows server to a CentOS server. To get it to work, I had to delete the local directory, restart splunk, and use the web interface to add the sensors. This is with Splunk 6.1.4 heavy forwarder and Splunk Add-on for Cisco IPS 2.1.1. On top of that, I had to edit pySDEE.py per the comment by Colin Humphreys here: http://answers.splunk.com/answers/171146/ciscoips-script-not-working-in-splunk-universal-fo.html.

jcoates_splunk · ‎01-13-2015

version 2.1.2 should correct TLS mode errors, please upgrade and open a support ticket if it doesn't work.

imarks004 · ‎11-19-2014

I am also seeing this same error. Anyone found a work around or any useful information from Splunk support?

JSkier · ‎11-19-2014

Splunk professional services was on site when we upgraded this app on a heavy v6 forwarder. They usually don't do much for support of apps even those made by splunk, support usually has to come from the app creator (kinda scary way of doing support IMO).

I was able to get v6 going with 2.0 (the older version), by forcing TLSv1 in the python ssl library splunk uses. It stopped working for unknown reasons after a few hours (started getting the same error as the new version), so I've reverted back to 2.0 app with splunk 5 for now, which still works.

If interested in trying 2.0 (not the latest) app with splunk 6, edit the library splunk uses, look at this file, and change the ssl version (down a bit) to TLSv1: $SPLUNK_HOME/lib/python2.7/ssl.py

jcoates_splunk · ‎01-13-2015

Hi, the 2.1.2 update or later should solve these TLS issues.

Also, this is a Splunk-supported add-on; I'll be happy to chat with anyone who needs a hand with what that means.

JSkier · ‎01-15-2015

Thanks, installation works and it is pulling feeds, but now it won't forward to the index for version 6. I put in a ticket.

cmoyanof · ‎03-13-2015

Hi Jack,

I have error "Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/Splunk_TA_cisco-ips/admin/cisco_ips_setup/cisco_ips_setup_settings"

My version of Splunk_TA_cisco-ips is 2.1.2

😞

JSkier · ‎11-13-2014

Seeing this also. Have had success with previous 2.0 version and splunk heavy forwarder v5. v6 with ssl python library hack did work, but didn't last.

Splunk Add-on for Cisco IPS: Why am I getting this error message trying to add a new Cisco IPS Sensor?

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation