I upgraded Splunk to version 6 and data stopped flowing from our CiscoIPS. My sdee_get.log shows this error:
Wed Oct 16 09:16:53 2013 - ERROR - Connecting to sensor - MY IP: URLError:
I dug in deeper and I think it's barking at the negotiation of SSL?
/splunk/lib/python2.7/ssl.py
I changed ssl.py ssl_version=PROTOCOL_SSLv23 to ssl_version=PROTOCOL_TLSv1 and it still did not work.
I hope to get this online ASAP.
You may want to check out my answer here: http://answers.splunk.com/answers/105193/cisco-ips-error-errno-8/135759. I posted some code that may solve this issue for you.
I had the same issue doing a new install on Splunk 6. I ended up having to install a Splunk 5.0.5 lightweight forwarder on a separate server and forward it to the central server. When I ran
openssl s_client -connect
with the version that is included in Splunk 6 but works fine in version 5.0.5. There seems to be an issue with this on Linux; however, I experience the same issue with Windows.
http://answers.splunk.com/answers/105193/cisco-ips-error-errno-8
I tried the very hackish replacing of the OpenSSL binary files in the bin directory with 0.9.8y but only got errors.
I was just uncovering this mess. Wouldn't it be possible to include another openssl library somewhere and reference that?
Mine is also broken after upgrading. I am still diagnosing this.