cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
djames
New Member
Member since: ‎05-11-2011
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-11-2011
Activity Feed
Topics I've Started
View All

Re: Splunk Cisco IPS

by in All Apps and Add-ons
‎05-16-2011 12:51 PM
‎05-16-2011 12:51 PM
Has anyone ever got this to work? I am trying to see the IPS alerts from my Cisco ISR router running the IOS IPS feature set. I run on the router sh ip sdee sub and can see that the router is sending the sdee alerts to the splunk server. I am running the latest splunk on a 64bit Ubuntu server. But other than that, absolutely nothing on the real time IPS Dashboard. ... View more

Splunk Cisco IPS

by in All Apps and Add-ons
‎05-16-2011 07:26 AM
‎05-16-2011 07:26 AM
When I run | search index="_internal" sourcetype="sdee_connection" I get the following error: Mon May 16 10:20:10 2011 - ERROR - Exception thrown while parsing SDEE payload: Traceback (most recent call last): File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py", line 74, in run alert_obj_list = idsmxml.parse_alerts( result_xml ) File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/pysdee/idsmxml.py", line 240, in parse_alerts alert_obj = build_global(alert) File "/opt/splunk/etc/apps/Splunk_CiscoIPS/bin/pysdee/idsmxml.py", line 136, in build_global alert.appname = node.getElementsByTagName('sd:originator')[0].getElementsByTagName('cid:appName')[0].firstChild.wholeText IndexError: list index out of range ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:02 AM