Thank you, this partially solved the issue, since we still can't run the process.
When we try to run a connection test manually, this is what we get (we have FMC running 6.2.1 OS):
splunk-user@linux-server:/opt/splunk/etc/apps/TA-eStreamer/bin$ ./splencore.sh test
2017-09-04T10:04:49.731228 Diagnostics INFO Checking that configFilepath (estreamer.conf) exists
2017-09-04 10:04:49,736 Diagnostics INFO Check certificate
2017-09-04 10:04:49,736 Diagnostics INFO Creating connection
2017-09-04 10:04:49,736 estreamer.connection INFO Connecting to FMC-Server:8302
2017-09-04 10:04:49,737 estreamer.connection INFO Using TLS v1.2
2017-09-04 10:04:49,747 Diagnostics INFO Creating request message
2017-09-04 10:04:49,747 Diagnostics INFO Request message=0001000200000008ffffffff48900061
2017-09-04 10:04:49,747 Diagnostics INFO Sending request message
2017-09-04 10:04:49,747 Diagnostics INFO Receiving response message
2017-09-04 10:04:49,749 Diagnostics ERROR The FMC eStreamer server has closed the connection. There are a number of possible causes which may show above in the error log.
If you see no errors then this could be that:
* the server is shutting down
* there has been a client authentication failure (please check that your outbound IP address matches that associated with your certificate - note that if your device is subject to NAT then the certificate IP must match the upstream NAT IP)
* there is a problem with the server. If you are running FMC v6.0, you may need to install "Sourcefire 3D Defense Center S3 Hotfix AZ 6.1.0.3-1"
2017-09-04T10:04:49.749355 Diagnostics ERROR ConnectionClosedException: Connection closed
I tried to downgrade the TLS version to 1.0 as well as to increase logging to VERBOSE, but I keep on getting the same error.
I can give you one more error, which we get when trying to start the process manually:
2017-09-04 10:16:21,554 Service ERROR OSError: \nTraceback (most recent call last):\n File "./estreamer/service.py", line 179, in main\n self.start( reprocessPkcs12 = args.pkcs12 )\n File "./estreamer/service.py", line 148, in start\n self.posix()\n File "./estreamer/service.py", line 90, in _posix\n self._loop()\n File "./estreamer/service.py", line 67, in _loop\n if not condition.isTrue():\n File "/opt/splunk/etc/apps/TA-eStreamer/bin/encore/estreamer/condition/splunk.py", line 33, in isTrue\n 'status' ] )\n File "/usr/lib/python2.7/subprocess.py", line 567, in check_output\n process = Popen(stdout=PIPE, *popenargs, **kwargs)\n File "/usr/lib/python2.7/subprocess.py", line 711, in __init_\n errread, errwrite)\n File "/usr/lib/python2.7/subprocess.py", line 1343, in _execute_child\n raise child_exception\nOSError: [Errno 2] No such file or directory\n
One note: I hope the next guide will be a bit more aligned in terms of naming convention across the options eNcore CLI vs. eNcore TA, since the guide talks about an encore.sh but the TA has splencore.sh only. Nothing serious, just a nice-to-have.
Thank you so much for your help.