Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Problem mionitor cisco IPS

mbattaglia
Engager
‎08-01-2011 06:25 AM

I have a problem to monitor the module Cisco IPS ASA5585-SSP-IPS10

From the IPS I see this error ; the state remain in state Read Pending;

sub-8-9480fcb4
State = Read Pending
Last Read Time = 13:22:42 UTC Mon Aug 01 2011
Last Read Time (nanoseconds) = 1312204962229391000

From the splunk server I see this error:

tail -f /opt/splunk/var/log/splunk/sdee_get.log

Fri Jul 29 14:26:45 2011 - ERROR - Exception thrown while parsing SDEE payload: Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py", line 74, in run
alert_obj_list = idsmxml.parse_alerts( result_xml )
File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/pysdee/idsmxml.py",
line 243, in parse_alerts alert_obj.signature = build_sig(sig[0])
File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/pysdee/idsmxml.py", line 190, in build_sig
signature.marscategory = node.getElementsByTagName('marsCategory')[0].firstChild.wholeText
IndexError: list index out of range

There's a solution to resolve this problem?

Tags (1)
Reply

mwong
Splunk Employee
Splunk Employee
‎05-08-2012 01:35 AM

Please update the Cisco IPS apps to latest version, it should fix the error.

Reply

Will_Hayes
Splunk Employee
Splunk Employee
‎02-08-2012 12:14 PM

We were recently made aware of this issue caused by an un-annouced change in the SDEE payload with the latest software update. We will be pushing a fix to Splunkbase soon but in the mean time please feel free to contact me directly and I will send you an update. You can reach me at: will (at) splunk.com
Thanks!

Reply

troywollenslege
Path Finder
‎02-03-2012 10:55 AM

we are getting the same error, did you find a solution?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...