I upgraded Splunk to version 6 and data stopped flowing from our CiscoIPS. My sdee_get.log shows this error:
Wed Oct 16 09:16:53 2013 - ERROR - Connecting to sensor - MY IP: URLError:
I dug in deeper and I think it's barking at the negotiation of SSL?
I changed ssl.py ssl_version=PROTOCOL_SSLv23 to ssl_version=PROTOCOL_TLSv1 and it still did not work.
I hope to get this online ASAP.
I had the same issue doing a new install on Splunk 6. I ended up having to install a Splunk 5.0.5 lightweight forwarder on a separate server and forward it to the central server. When I ran
openssl s_client -connect
with the version that is included in Splunk 6 but works fine in version 5.0.5. There seems to be an issue with this on Linux; however, I experience the same issue with Windows.