Hi All,
i have installed the splunk cloudgateway app, configured proxy settings and have registered a device.
However i am unable to load any assigned dashboards. The mobile device displays
'Oops, something went wrong'
mob log extracted:
[2020-12-02T14:06:52Z] [9475:] [ApplicationRequestManager] [error] CallingRequest SingleClientCallingRequest(A82153C3-AFB8-4AC4-AF2B-9118A15229B9)[parent: SingleClientRequest[requestID:A82153C3-AFB8-4AC4-AF2B-9118A15229B9 context:{SpacebridgeDashboardListCommand}]] failed with error: spacebridgeError(SpacebridgeProtobuf.Spacebridge_SpacebridgeMessage:
id: "9abdb705-9472-4f57-99b8-93e313550f12"
to: "`\232\262\205\311\317\256,\260L\323\001\330\330\vnR\247\361PEn\262\027\033\353\312\344L\221F\331"
replyToMessageId: "A82153C3-AFB8-4AC4-AF2B-9118A15229B9"
error {
code: ERROR_MESSAGE_UNDELIVERABLE
}
)
dashboard status:
Cloud app internal log:
appreciate any support/assistance
Many Thanks
You would be requesting a bypass for the SSL inspection.
In other words, you would need a business case justification that the Splunk Cloud Gateway service should be allowed to pass through the proxy un-inspected.
The cloud Gateway docs say this:
So the simplest approach is to exempt/bypass inspection for prod.spacebridge.spl.mobi (or make sure websockets are enabled)
https://docs.splunk.com/Documentation/Gateway/1.13.0/Registration/TroubleshootConnectionIssues
I am not sure that there is a documented approach for adding custom CA certificates - I would talk to Splunk Support for their recommendation on the best approach/if this is even possible - There are significant security controls built in to Spacebridge, adding additional CA certs into the trust chain could compromise this, so you maybe limited to the first option
thanks for the quick response!
yes, our proxy does SSL inspection
if i request a bypass, what exactly am i requesting to be bypassed?
also, any instructions on how to configure splunk to trust our proxy ca cert?
Thanks in advance
You would be requesting a bypass for the SSL inspection.
In other words, you would need a business case justification that the Splunk Cloud Gateway service should be allowed to pass through the proxy un-inspected.
The cloud Gateway docs say this:
So the simplest approach is to exempt/bypass inspection for prod.spacebridge.spl.mobi (or make sure websockets are enabled)
https://docs.splunk.com/Documentation/Gateway/1.13.0/Registration/TroubleshootConnectionIssues
I am not sure that there is a documented approach for adding custom CA certificates - I would talk to Splunk Support for their recommendation on the best approach/if this is even possible - There are significant security controls built in to Spacebridge, adding additional CA certs into the trust chain could compromise this, so you maybe limited to the first option
thanks for the quick response!
yes, our proxy does SSL inspection
if i request a bypass, what exactly am i requesting to be bypassed?
also, any instructions on how to configure splunk to trust our proxy ca cert?
Thanks in advance 🙂
Is your proxy doing SSL inspection?
If so, this will break the certificate chain that SpaceBridge uses to communicate.
In environments I have worked on in the past we have requested a bypass for inspection (along with business case justification).
This is the simplest route forwards, the alternative is to configure Splunk to trust your Proxies CA cert.
following your advice i've managed to get on to a new proxy server that supports websockets. No need for SSL exemption.
At this point, the dashboard is looking alot healthier however the cloud gateway status is still displaying NOT CONNECTED
Examining the gw app internal logs there arent any errors but several debug messages stating:
2021-01-11 15:38:19,717 DEBUG [drone_mode_modular_input.app] [drone_mode_subscription_modular_input] [do_run] [105715] Drone mode modular input will not run as drone mode is not enabled
The mobile application dashboard still shows 'Oops, something went wrong'
any ideas?
Thanks In advance
Just needed a server restart for the changes to take full effect... d'oh!
Status is now CONNECTED 🙂