proxy_password = password of proxy account

szabados · ‎06-09-2017

I'm trying to use the above add-on to get Azure Audit logs, and I want to use a proxy. Everything is configured according to the docs, but any time the script tries to download the data, I'm getting 10061.
I double checked with wireshark, the script is not even trying to connect to my proxy, instead it tries connecting directly to the Microsoft servers. I'm running on a Windows server.

How can I get this working ?

fatemabw · ‎11-02-2018

Figured it out.
Got it to working.
There is a config file inside the apps folder under the add-on, where the proxy settings has to be explicitly mentioned.

Under: /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/local/splunk_ta_ms_o365_client_settings.conf
[proxy]
proxy_enabled = 1
proxy_rdns = 1
proxy_type = http

proxy_password = password of proxy account

proxy_port = 8000
proxy_url = proxy1.your.server.com
disabled = 0

proxy_username = user name of proxy account

oljaszubs · ‎08-21-2018

I have the same issue - I can't see any traffic to be forwarded to provided proxy. Does anybody manage it to run ?

fatemabw · ‎10-31-2018

I am also struggling with the same. I have followed the doc to install, and since the forwarder is sitting behind a proxy, which majority of deployments do, can't connect to the proxy, instead Splunk forwarder is trying to directly connect to the MS cloud IP.
I have tried setting the proxy config in splunk-launch.conf, server.conf but nothing seem to work.

Has anyone figured out the solution?

Appreciate the help and comments!

Splunk Add-on for Microsoft Cloud Services with proxy?

proxy_password = password of proxy account

proxy_username = user name of proxy account

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?