No data in estreamer.log after Sourcefire update. SSL test shows connection to Sourcefire server is up. I've restarted splunkd but still no data. Any suggestions?
Had a similar situation: estream stopped flowing after a network outage that took the SDC-splunk link down...
Ended up manually removing pid files in apps/Sourcefire/tmp; archiving logs in ../log
However, most likely, it's the bookmark reset (./ssl_test.pl -start=now) that helped...
Thanks. What is the function of ssl_test.pl? I've renamed it so it won't run. Doesn't seem to affect the Splunk server. Before disabling, about every three weeks, ssl_test.pl would spawn runaway processes and slow the server way down. I'd have to manually kill all of the ssl_test.pl PIDs.