Getting Data In

How to resolve "tcp-rst-from-server" & "tcp-rst-from-client" errors?

yossefn
Path Finder

Hi, 

I'm trying to collect logs from web servers, but I'm getting an error on the firewall that says "tcp-rst-from-server" on port 9997. Also, I have another error, "tcp-rst-from-client", on port 8089.

I have to say that there are other servers in the same VLAN that I'm getting logs from. 

Where can I look to solve the problem?

0 Karma

sbaror11
Explorer

Is it a question about Splunk or about the web servers? 

A TCP reset from the client or from the server is a layer-2 error which refers to an application-layer-related event.

It can be described as "the client or server terminated the session but I don't know why"

You can look at the application (http/https) logs to see the reason. 

0 Karma

yossefn
Path Finder

Hi @sbaror11

The question is about Splunk - I wondered if maybe Splunk somehow denied the connection, or if I missed some configuration that is preventing me from getting the logs.

I had a kind of issue with "aged-out" errors in the FW logs, then I figured out that the local FW on the Splunk servers denied the connection.

0 Karma

kgalibert
New Member

Hi,

Did you find your solution?

I have the same issue between a UF on Windows server AD and a UF Relay.

Thanks

0 Karma