All Apps and Add-ons

estreamer_client ERROR: Remote host closed socket at SFStreamer.pm line 1735

s_ruggiero
Explorer

hi all,

while try running the command: perl estreamer_client.pl -c ../default/estreamer.conf -t
so i can test connection with my SourceFire DC, iam getting this error and none logs are exported:

SFPkcs12 : Writing ./server.crt
SFPkcs12 : Writing ./server.key
Retrieving metadata from file ./metadata.dat
Error loading metadata from file (./metadata.dat): at estreamer_client.pl line 1175.
[371] Connecting to 192.168.X.XX port 8302
[371] Opening event stream
Remote host closed socket at line 1735.

i try also to run: check_client.py but it didnt give any error, even if logs with that time in the log directory are empy:

[31990] Daemonizing process
event_sec=1430490301 status_id=2 status="Started eStreamer client."

any advice or help on how can i solve this issue?

Best Regards

lkouajie
New Member

You have to generate a new client certificate for host where the estreamer client is running

0 Karma

cpraz_ord
Explorer

Hi wondering if anyone has solved this...

0 Karma

cpraz_ord
Explorer

Here's the fix...
Adding Authentication for eStreamer Clients

link text

0 Karma

s_ruggiero
Explorer

noone have ideas or suggestions ?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...