streamfwd is shutting down

satishsdange · ‎05-26-2016

Has anyone faced this problem -

root@ip-172-31-19-68:/home/ubuntu# tail /opt/splunkforwarder/var/log/splunk/streamfwd.log
2016-05-26 05:05:45 INFO 140144301864832 stream.main - web interface listening on port 8889
2016-05-26 05:11:01 INFO 140144301864832 stream.main - streamfwd is shutting down
2016-05-26 05:10:58 INFO 139783477241728 stream.CaptureServer - Found DataDirectory: /opt/splunkforwarder/etc/apps/Splunk_TA_stream/data
2016-05-26 05:10:58 INFO 139783477241728 stream.CaptureServer - Found UIDirectory: /opt/splunkforwarder/etc/apps/Splunk_TA_stream/ui
2016-05-26 05:10:59 INFO 139783477241728 stream.CaptureServer - Default configuration directory: /opt/splunkforwarder/etc/apps/Splunk_TA_stream/default
2016-05-26 05:10:59 INFO 139783477241728 stream.CaptureServer - Starting data capture
2016-05-26 05:10:59 INFO 139783477241728 stream.main - streamfwd has started successfully (version 6.5.0 build 233)
2016-05-26 05:10:59 INFO 139783477241728 stream.main - web interface listening on port 8889
2016-05-26 05:11:08 WARN 139783339513600 stream.SnifferReactor - SSL decryption error (unrecognized SSL version) (ssl) [c=202.47.24.180:38361, s=172.31.19.68:80]
2016-05-26 06:05:12 INFO 139783477241728 stream.main - streamfwd is shutting down

satishsdange · ‎06-04-2016

Problem has been fixed.

Root cause - Configured ip address to 0.0.0.0 which was bringing stream forwarder down. Just changed it to interface ip & now its working.

root@ip-172-31-19-68:/opt/splunkforwarder/etc/apps/Splunk_TA_stream/local# cat streamfwd.conf
[streamfwd]
port = 8889
ipAddr = 0.0.0.0
root@ip-172-31-19-68:/opt/splunkforwarder/etc/apps/Splunk_TA_stream/local#

streamfwd is shutting down

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life