All Apps and Add-ons

Splunk Add-on for Cisco IPS: Why am I receiving "URLError: urlopen error [Errno 104] Connection reset by peer"?

paguayof
New Member

Hello there,

I have an issue obtaining logs from an IPS.......I can add the IPS correctly, but then I receive this logs.

[root@localhost splunk]# tail -f sdee_get.log 
Fri Feb 20 17:41:43 2015 - INFO - Checking for exsisting SubscriptionID on host: 10.201.158.35
Fri Feb 20 17:41:43 2015 - INFO - No exsisting SubscriptionID for host: 10.201.158.35
Fri Feb 20 17:41:43 2015 - INFO - Attempting to connect to sensor: 10.201.158.35
Fri Feb 20 17:41:43 2015 - INFO - Successfully connected to: 10.201.158.35
Fri Feb 20 17:41:44 2015 - ERROR - Connecting to sensor - 10.201.158.35: URLError: urlopen error [Errno 104] Connection reset by peer>

Splunk is in the Allowed host list in the IPS

Someone knows whats going on?

0 Karma

bmas10
Explorer

I updated the SSL to use TLS as stated in the http://docs.splunk.com/Documentation/AddOns/latest/CiscoIPS/Troubleshooting to get around this issue.

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Is the IPS hitting its maximum allotment of connections?

0 Karma

hortonew
Builder

Check my post here and see if this is related: http://blog.hortonew.com/splunk-ciscoips-app-no-longer-pulls-from-ips

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Hi, I don't think that patch is valid any more, as we've made some changes to the connection code.

hortonew
Builder

Good to know, thanks.

0 Karma
Get Updates on the Splunk Community!

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through: An introduction to the Splunk Threat ...