Hi, I have some problems with the TA. I installed the TA as described in the instructions, but in splunkd.log I see errors for all wazuh_api_*
Version: Splunk 7.0.0 standalone
11-08-2017 12:55:40.905 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" Traceback (most recent call last):
11-08-2017 12:55:40.905 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/modinput_wrapper/base_modinput.py", line 113, in stream_events
11-08-2017 12:55:40.905 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" self.parse_input_args(input_definition)
11-08-2017 12:55:40.905 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/modinput_wrapper/base_modinput.py", line 152, in parse_input_args
11-08-2017 12:55:40.905 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" self.parse_input_args_from_global_config(inputs)
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/modinput_wrapper/base_modinput.py", line 171, in _parse_input_args_from_global_config
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" ucc_inputs = global_config.inputs.load(input_type=self.input_type)
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/global_config/configuration.py", line 270, in load
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" input_item['entity']
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/global_config/configuration.py", line 175, in _load_endpoint
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" **query
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/packages/splunklib/binding.py", line 287, in wrapper
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" return request_fun(self, *args, **kwargs)
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/packages/splunklib/binding.py", line 69, in new_f
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" val = f(*args, **kwargs)
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/packages/splunklib/binding.py", line 665, in get
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" response = self.http.get(path, self._auth_headers, **query)
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/packages/splunklib/binding.py", line 1160, in get
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" return self.request(url, { 'method': "GET", 'headers': headers })
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/packages/splunklib/binding.py", line 1221, in request
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" raise HTTPError(response)
11-08-2017 12:55:40.906 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-wazuh-api-connector/bin/wazuh_api_info_basic.py" HTTPError: HTTP 500 Internal Server Error -- {"messages":[{"type":"ERROR","text":"Unexpected error \" \" from python handler: \"REST Error [500]: Internal Server Error -- Traceback (most recent call last):\n File \"/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py\", line 113, in wrapper\n for name, data, acl in meth(self, *args, **kwargs):\n File \"/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py\", line 348, in _format_all_response\n self._encrypt_raw_credentials(cont['entry'])\n File \"/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py\", line 382, in _encrypt_raw_credentials\n change_list = rest_credentials.decrypt_all(data)\n File \"/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/credentials.py\", line 286, in decrypt_all\n all_passwords = credential_manager._get_all_passwords()\n File \"/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/utils.py\", line 154, in wrapper\n return func(*args, **kwargs)\n File \"/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/credentials.py\", line 272, in _get_all_passwords\n clear_password += field_clear[index]\nTypeError: cannot concatenate 'str' and 'NoneType' objects\n\". See splunkd.log for more details."}]}
11-08-2017 12:55:41.617 +0000 ERROR PasswordHandler - Decrypted password from stanza=credential: REST_CREDENTIAL_#TA-wazuh-api-connector#data/inputs/wazuh_api_agents:api_server splunk_cred_sep 1: is not utf8, skipping
11-08-2017 12:55:41.617 +0000 ERROR PasswordHandler - Decrypted password from stanza=credential:REST_CREDENTIAL#TA-wazuh-api-connector#data/inputs/wazuh_api_agents:api_server splunk_cred_sep 2: is not utf8, skipping
11-08-2017 12:55:41.617 +0000 ERROR PasswordHandler - Decrypted password from stanza=credential:REST_CREDENTIAL#TA-wazuh-api-connector#data/inputs/wazuh_api_decoders:api_server splunk_cred_sep 1: is not utf8, skipping
11-08-2017 12:55:41.617 +0000 ERROR PasswordHandler - Decrypted password from stanza=credential:REST_CREDENTIAL#TA-wazuh-api-connector#data/inputs/wazuh_api_decoders:api_server splunk_cred_sep 2: is not utf8, skipping
11-08-2017 12:55:41.617 +0000 ERROR PasswordHandler - Decrypted password from stanza=credential:REST_CREDENTIAL#TA-wazuh-api-connector#data/inputs/wazuh_api_info_basic:api_server splunk_cred_sep 1: is not utf8, skipping
11-08-2017 12:55:41.617 +0000 ERROR PasswordHandler - Decrypted password from stanza=credential:REST_CREDENTIAL#TA-wazuh-api-connector#data/inputs/wazuh_api_info_basic:api_server splunk_cred_sep 2: is not utf8, skipping
11-08-2017 12:55:41.617 +0000 ERROR PasswordHandler - Decrypted password from stanza=credential:REST_CREDENTIAL#TA-wazuh-api-connector#data/inputs/wazuh_api_rules:api_server splunk_cred_sep 1: is not utf8, skipping
11-08-2017 12:55:41.617 +0000 ERROR PasswordHandler - Decrypted password from stanza=credential:REST_CREDENTIAL#TA-wazuh-api-connector#data/inputs/wazuh_api_rules:api_server splunk_cred_sep 2: is not utf8, skipping
11-08-2017 12:55:41.642 +0000 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 130, in init\n hand.execute(info)\n File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 594, in execute\n if self.requestedAction == ACTION_LIST: self.handleList(confInfo)\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunk_aoblib/rest_migration.py", line 38, in handleList\n AdminExternalHandler.handleList(self, confInfo)\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/admin_external.py", line 40, in wrapper\n for entity in result:\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py", line 120, in wrapper\n raise RestError(500, traceback.format_exc())\nRestError: REST Error [500]: Internal Server Error -- Traceback (most recent call last):\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py", line 113, in wrapper\n for name, data, acl in meth(self, *args, **kwargs):\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py", line 348, in _format_all_response\n self._encrypt_raw_credentials(cont['entry'])\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py", line 382, in _encrypt_raw_credentials\n change_list = rest_credentials.decrypt_all(data)\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/credentials.py", line 286, in decrypt_all\n all_passwords = credential_manager._get_all_passwords()\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/utils.py", line 154, in wrapper\n return func(*args, **kwargs)\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/credentials.py", line 272, in _get_all_passwords\n clear_password += field_clear[index]\nTypeError: cannot concatenate 'str' and 'NoneType' objects\n\n
11-08-2017 12:55:41.642 +0000 ERROR AdminManagerExternal - Unexpected error " " from python handler: "REST Error [500]: Internal Server Error -- Traceback (most recent call last):\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py", line 113, in wrapper\n for name, data, acl in meth(self, *args, **kwargs):\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py", line 348, in _format_all_response\n self._encrypt_raw_credentials(cont['entry'])\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/handler.py", line 382, in _encrypt_raw_credentials\n change_list = rest_credentials.decrypt_all(data)\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/splunktaucclib/rest_handler/credentials.py", line 286, in decrypt_all\n all_passwords = credential_manager._get_all_passwords()\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/utils.py", line 154, in wrapper\n return func(*args, **kwargs)\n File "/opt/splunk/etc/apps/TA-wazuh-api-connector/bin/ta_wazuh_api_connector/solnlib/credentials.py", line 272, in _get_all_passwords\n clear_password += field_clear[index]\nTypeError: cannot concatenate 'str' and 'NoneType' objects\n". See splunkd.log for more details.