Re: Problem mionitor cisco IPS

mbattaglia · ‎08-01-2011

I have a problem to monitor the module Cisco IPS ASA5585-SSP-IPS10

From the IPS I see this error ; the state remain in state Read Pending;

sub-8-9480fcb4
State = Read Pending
Last Read Time = 13:22:42 UTC Mon Aug 01 2011
Last Read Time (nanoseconds) = 1312204962229391000

From the splunk server I see this error:

tail -f /opt/splunk/var/log/splunk/sdee_get.log

Fri Jul 29 14:26:45 2011 - ERROR - Exception thrown while parsing SDEE payload: Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py", line 74, in run
alert_obj_list = idsmxml.parse_alerts( result_xml )
File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/pysdee/idsmxml.py",
line 243, in parse_alerts alert_obj.signature = build_sig(sig[0])
File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/pysdee/idsmxml.py", line 190, in build_sig
signature.marscategory = node.getElementsByTagName('marsCategory')[0].firstChild.wholeText
IndexError: list index out of range

There's a solution to resolve this problem?

mwong · ‎05-08-2012

Please update the Cisco IPS apps to latest version, it should fix the error.

Will_Hayes · ‎02-08-2012

We were recently made aware of this issue caused by an un-annouced change in the SDEE payload with the latest software update. We will be pushing a fix to Splunkbase soon but in the mean time please feel free to contact me directly and I will send you an update. You can reach me at: will (at) splunk.com
Thanks!

troywollenslege · ‎02-03-2012

we are getting the same error, did you find a solution?

Problem mionitor cisco IPS

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor