I have recently installed Splunk 6 Enterprise and realize that the Cisco IPS addon only states 5.0 support, not 6.0, but I was hoping I could get it to pull the SDEE data from my Cisco IPS.
Running:
IPS-4260-K9
Build Version: 7.0(4)E4
Current Signature version: IPS-sig-S756-req-E4.pkg
I installed version 2.0.0 of the addon and the Cisco Security Suite and am getting my ASA firewall working with providing the syslog data to the suite, but I am unable to get the IPS addon to successfully connect to pull data.
Out of the box I receive:
12/10/13
8:17:43.000 AM
Tue Dec 10 08:17:43 2013 - ERROR - Connecting to sensor - 139.67.126.218: URLError:
host = splunk.serv14.eiu.edu source = /opt/splunk/var/log/splunk/sdee_get.log sourcetype = sdee_connection
12/10/13
8:17:42.000 AM
Tue Dec 10 08:17:42 2013 - INFO - Successfully connected to: 139.67.126.218
host = splunk.serv14.eiu.edu source = /opt/splunk/var/log/splunk/sdee_get.log sourcetype = sdee_connection
12/10/13
8:17:42.000 AM
Tue Dec 10 08:17:42 2013 - INFO - Attempting to connect to sensor: 139.67.126.218
host = splunk.serv14.eiu.edu source = /opt/splunk/var/log/splunk/sdee_get.log sourcetype = sdee_connection
12/10/13
8:17:42.000 AM
Tue Dec 10 08:17:42 2013 - INFO - No exsisting SubscriptionID for host: 139.67.126.218
host = splunk.serv14.eiu.edu source = /opt/splunk/var/log/splunk/sdee_get.log sourcetype = sdee_connection
12/10/13
8:17:42.000 AM
Tue Dec 10 08:17:42 2013 - INFO - Checking for exsisting SubscriptionID on host: 139.67.126.218
I have seen a similar posting on the answers site with no real answers.
I attempted to hack my ssl.py file to change the PROTOCOL_VERSION to be SSLv3 instead of the default TLSv1, and that seemed to get closer but still had SSL errors, and it also seemed to break my ability to search for Splunk apps (weird). So I backed that off and was hoping someone could give me the straight scoop on whether this is even something I should pursue or if there was going to be some modification to the addon to work with Splunk 6?
Thanks.
Brian Murphy
Eastern Illinois University