Security

Why is DB Connect is no longer able to run searches with error "Getinfo probe failed for external search command 'dbquery'"?

jwelch_splunk
Splunk Employee
Splunk Employee

Our queries that used to work stopped working with error:

Error in 'script': Getinfo probe failed for external search command 'dbquery'

Tags (1)
1 Solution

jwelch_splunk
Splunk Employee
Splunk Employee

In jbridge log saw this error:

2015-02-06 11:02:14,660 ERROR Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/splunk,SPLUNK_DB=/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:195) at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:203) at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32) at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40) at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313) at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128) at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) at sun.security.ssl.Handshaker.activate(Handshaker.java:470) at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1438) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1308) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav... at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) at com.splunk.rest.Splunkd.request(Splunkd.java:212) at com.splunk.rest.Splunkd.request(Splunkd.java:98) at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:193)

Was able to find the start of this entry, and it correlated with a System Update and restart:

Splunk 6.1.4
OS was upgraded Oracle Linux
Patched the 1.7.0 version of java.

In the DBX app under ../local/java.conf it points to version of java being used in my case:

home = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/

The file below had a line we commented out:
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/lib/security/java.security

jdk.tls.disabledAlgorithms=SSLv3
to

jdk.tls.disabledAlgorithms=SSLv3

no restart required.

View solution in original post

ehorjus
Explorer

An extension to this solution if you don't want to depend on your system administrator and Linux patching cycles:

1) create the file /opt/splunk/etc/apps/dbx/local/java.security with only the same attribute but empty value:
jdk.tls.disabledAlgorithms=

2) add the following option to the start-up options of DBconnect:
-Djava.security.properties=/opt/splunk/etc/apps/dbx/local/java.security

Also no restart required and you don't have to worry about the next Linux patching cycle (at least not for this issue). The only pittfall is that the default java.security file in your JRE directory should have the following option set to true (default): security.overridePropertiesFile

0 Karma

jwelch_splunk
Splunk Employee
Splunk Employee

In jbridge log saw this error:

2015-02-06 11:02:14,660 ERROR Java process returned error code 1! Error: Initializing Splunk context... Environment: SplunkEnvironment{SPLUNK_HOME=/splunk,SPLUNK_DB=/splunk/var/lib/splunk} Configuring Log4j... Exception in thread "main" com.splunk.config.SplunkConfigurationException: IO Error while reading configuration from Splunkd: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:195) at com.splunk.config.rest.RESTAdapter.readConfig(RESTAdapter.java:203) at com.splunk.config.cache.CachedConfigurationAdapter.readConfig(CachedConfigurationAdapter.java:32) at com.splunk.config.cache.CachedConfigurationAdapter.readStanza(CachedConfigurationAdapter.java:40) at com.splunk.env.SplunkContext.getConfigStanza(SplunkContext.java:313) at com.splunk.env.SplunkContext.initialize(SplunkContext.java:128) at com.splunk.bridge.JavaBridgeServer.main(JavaBridgeServer.java:34) Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) at sun.security.ssl.Handshaker.activate(Handshaker.java:470) at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1438) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1308) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav... at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153) at com.splunk.rest.Splunkd.request(Splunkd.java:212) at com.splunk.rest.Splunkd.request(Splunkd.java:98) at com.splunk.config.rest.RESTAdapter.request(RESTAdapter.java:193)

Was able to find the start of this entry, and it correlated with a System Update and restart:

Splunk 6.1.4
OS was upgraded Oracle Linux
Patched the 1.7.0 version of java.

In the DBX app under ../local/java.conf it points to version of java being used in my case:

home = /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/

The file below had a line we commented out:
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.65.x86_64/jre/lib/security/java.security

jdk.tls.disabledAlgorithms=SSLv3
to

jdk.tls.disabledAlgorithms=SSLv3

no restart required.

View solution in original post

adaley
New Member

yes, commenting out SSLv3 from Java.security file worked!
thank you very much!!!!!

0 Karma

rkirkw
Path Finder

Thanks! This fixed my issue as well

Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.