Hello there,
I have an issue obtaining logs from an IPS.......I can add the IPS correctly, but then I receive this logs.
[root@localhost splunk]# tail -f sdee_get.log
Fri Feb 20 17:41:43 2015 - INFO - Checking for exsisting SubscriptionID on host: 10.201.158.35
Fri Feb 20 17:41:43 2015 - INFO - No exsisting SubscriptionID for host: 10.201.158.35
Fri Feb 20 17:41:43 2015 - INFO - Attempting to connect to sensor: 10.201.158.35
Fri Feb 20 17:41:43 2015 - INFO - Successfully connected to: 10.201.158.35
Fri Feb 20 17:41:44 2015 - ERROR - Connecting to sensor - 10.201.158.35: URLError: urlopen error [Errno 104] Connection reset by peer>
Splunk is in the Allowed host list in the IPS
Someone knows whats going on?
... View more