Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Problem mionitor cisco IPS

mbattaglia
Engager
‎08-01-2011 06:25 AM

I have a problem to monitor the module Cisco IPS ASA5585-SSP-IPS10

From the IPS I see this error ; the state remain in state Read Pending;

sub-8-9480fcb4
State = Read Pending
Last Read Time = 13:22:42 UTC Mon Aug 01 2011
Last Read Time (nanoseconds) = 1312204962229391000

From the splunk server I see this error:

tail -f /opt/splunk/var/log/splunk/sdee_get.log

Fri Jul 29 14:26:45 2011 - ERROR - Exception thrown while parsing SDEE payload: Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py", line 74, in run
alert_obj_list = idsmxml.parse_alerts( result_xml )
File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/pysdee/idsmxml.py",
line 243, in parse_alerts alert_obj.signature = build_sig(sig[0])
File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/pysdee/idsmxml.py", line 190, in build_sig
signature.marscategory = node.getElementsByTagName('marsCategory')[0].firstChild.wholeText
IndexError: list index out of range

There's a solution to resolve this problem?

Tags (1)
Reply

mwong
Splunk Employee
Splunk Employee
‎05-08-2012 01:35 AM

Please update the Cisco IPS apps to latest version, it should fix the error.

Reply

Will_Hayes
Splunk Employee
Splunk Employee
‎02-08-2012 12:14 PM

We were recently made aware of this issue caused by an un-annouced change in the SDEE payload with the latest software update. We will be pushing a fix to Splunkbase soon but in the mean time please feel free to contact me directly and I will send you an update. You can reach me at: will (at) splunk.com
Thanks!

Reply

troywollenslege
Path Finder
‎02-03-2012 10:55 AM

we are getting the same error, did you find a solution?

0 Karma
Reply
Get Updates on the Splunk Community!

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...