I observed that version 3.5.3 need $SPLUNK_HOME variable set to work.
Still I have issues on getting the firpower data connection events.
I do get status and log.
[splunk@vsrpdc1hfw01 bin]$ ./splencore.sh status
status_id=1 status="Running"
[splunk@vsrpdc1hfw01 bin]$ ./splencore.sh test
2018-10-05T23:31:28.806962 Diagnostics INFO Checking that configFilepath (estreamer.conf) exists
2018-10-05 23:31:28,813 Diagnostics INFO Check certificate
2018-10-05 23:31:28,813 Diagnostics INFO Creating connection
2018-10-05 23:31:28,813 Connection INFO Connecting to 10.95.251.87:8302
2018-10-05 23:31:28,813 Connection INFO Using TLS v1.2
2018-10-05 23:31:29,008 Diagnostics INFO Creating request message
2018-10-05 23:31:29,009 Diagnostics INFO Request message=0001000200000008ffffffff48900061
2018-10-05 23:31:29,009 Diagnostics INFO Sending request message
2018-10-05 23:31:29,009 Diagnostics INFO Receiving response message
2018-10-05 23:31:29,014 Diagnostics INFO Response message=KGRwMApTJ2xlbmd0aCcKcDEKSTQ4CnNTJ3ZlcnNpb24nCnAyCkkxCnNTJ2RhdGEnCnAzClMnXHgwMFx4MDBceDEzXHg4OVx4MDBceDAwXHgwMFx4MDhceDAwXHgwMFx4MDBceDAwXHgwMFx4MDBceDAwXHgwMFx4MDBceDAwXHgxM1x4ODhceDAwXHgwMFx4MDBceDA4XHgwMFx4MDBceDAwXHgwMFx4MDBceDAwXHgwMFx4MDBceDAwXHgwMFx4MWFceDBiXHgwMFx4MDBceDAwXHgwOFx4MDBceDAwXHgwMFx4MDBceDAwXHgwMFx4MDBceDAwJwpwNApzUydtZXNzYWdlVHlwZScKcDUKSTIwNTEKcy4=
2018-10-05 23:31:29,014 Diagnostics INFO Streaming info response
2018-10-05 23:31:29,014 Diagnostics INFO Connection successful
[splunk@vsrpdc1hfw01 bin]$
Any idea?
... View more