All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

cisco estreamer data logs

edgarsilva01
Path Finder
‎01-18-2021 12:18 PM


Hello everyone

I have a problem with cisco estreamer logs: data

Apparently there is an intermittence with the sending of logs, a couple of weeks ago the cisco certificate was configured and the logs began to arrive, after a while they stopped.

When we went to review, apply a restart to the indexer and the logs began to arrive.
we have had this problem for 3 weeks, sometimes when restarting the indexer no logs are received.

Anyone ever happened something similar?
or what may be happening.

thanks

Labels (2)
0 Karma
Reply

AhmadKhattak20
Explorer
‎02-26-2021 01:12 AM

@edgarsilva01 were you able to resolve this issue? Can you share the solution if so? Thanks

0 Karma
Reply

edgarsilva01
Path Finder
‎02-26-2021 07:07 AM

Hello, Ahmadkhattak20,

We have not solved it, we open a case in splunk and they do not support that app either.

The answer was the following


"Hope you are doing really well! My name is Russel Andrey.

After reviewing the information, I see that the support for this add-on is "Not Supported". Here you have more insights about App support types:

https://docs.splunk.com/Documentation/Splunkbase/splunkbase/Splunkbase/Appsupporttypes

As best effort from my side, here you have some information that can be helpful for you:

- This is the official documentation from the app: https://www.cisco.com/c/en/us/td/docs/security/firepower/670/api/eStreamer_enCore/eStreamereNcoreSpl...

In case the documentation or steps shared above are not working, I strongly suggest you creating your own question in our communities channel for further assistance. At this point, I will proceed archiving this support ticket."

Thanks for your comprehension.

 

edgarsilva01_0-1614351839281.png

 

Reply

scelikok
SplunkTrust
SplunkTrust
‎01-18-2021 12:30 PM

Hi @edgarsilva01,

I experienced this problem too but there is no solution because the problem is not on Splunk side. FMC stops sending data or sends extremely slow to the socket at that times. If restart on Splunk does not help, restarting e-streamer service on FMC should work.

You can create a bash script to check data delay and send restart to estreamer app on Splunk.

Another better workaround is if you are using V6.4 on Firepower, using syslog.

 

If this reply helps you a upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...