Getting Data In

SSL error with new version of nozomi addon

Aqibrehman1
Loves-to-Learn

Hi, I'm not able to integrate SPlunk with Nozomi, with the available app (Nozomi Networks Universal Add-on), on the other hand I've tested the legacy addon and receive the alerys/assets but not with full info.

The server (Nozomi Guardian) is self-signed.

After configuring the latest version and setting up the inputs for receiving alerts, asset etc. There's no data being received in the index, and from the splunk logs I see the following:

 

06-13-2024 21:23:01.529 +0200 ERROR ExecProcessor [3854374 ExecProcessor] - message from "/opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-nozomi-networks-universal-add-on/bin/universal_session.py" HTTPSConnectionPool(host='192.168.1.4', port=443): Max retries exceeded with url: /api/open/sign_in (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1106)')))

I tought the solution could be by just disabling the ssl verification, but then why the legacy addon is working fine but the new version is not? In case I need to disable SSL verification, would like to know where is the right file and parameter.

 

thank you,

 

0 Karma

deepakc
Builder

I suspect that they have made some changes to the TA add-on code and python scripts  universal_session.py

I would contact them directly and see if you can get any further information. Disabling comes with security risks,  and most likely done within the python code. But I understand you have self signed ones,  and should have options, so seeking their advise might be the best cause of action, hopefully they can get the TA developer to give you further help. 

 [email protected] 

 

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...