All Apps and Add-ons

What do I do on the IPS side to configure Splunk for Cisco IPS

gpullis
Communicator

I've "configured" the Splunk for Cisco IPS application, but I'm getting the following back from the scripted input:

Wed Apr 4 11:55:04 2012 - ERROR - Connecting to sensor - 999.999.999.999: HTTPError: HTTP Error 401: Unauthorized
Wed Apr 4 11:55:04 2012 - INFO - Successfully connected to: 999.999.999.999
Wed Apr 4 11:55:04 2012 - INFO - Attempting to connect to sensor: 999.999.999.999
Wed Apr 4 11:55:04 2012 - INFO - No exsisting SubscriptionID for host: 999.999.999.999
Wed Apr 4 11:55:04 2012 - INFO - Checking for exsisting SubscriptionID on host: 999.999.999.999

Where 999.999.999.999 is the IP address of the IPS module in our ASA.

I'm pretty confident the problem is that we have no idea what we're doing to get the SDEE stuff set up on the IPS side.

Tags (1)
0 Karma

strumpower
New Member

Check the IPS to see if the Splunk IP is in the allowed hosts config on the IPS. Hope this helps.

0 Karma

rflynn
New Member

Has anyone found a resolution to this error as this is exactly what I am seeing?

0 Karma

jason_t_machtem
New Member

I just upgraded to 1.0.4 for the IPS and am getting these same errors. Any got any answers for this ? I'm in the same boat as the OP SDEE is new to me normally just deal with syslogs and traps... any help appreciated.

0 Karma

rflynn
New Member

Did you ever find a solution?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...