cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
fraijof
Explorer
Member since: ‎02-07-2012
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 0
Karma Received 2
Member Since ‎02-07-2012
Activity Feed
View All

Re: Cisco IPS addon, Splunk 6 and ssl errors

by in All Apps and Add-ons
‎01-08-2014 01:35 PM
1 Karma
‎01-08-2014 01:35 PM
1 Karma
I struggled with this for several weeks. Even opened a case with Splunk with no solution. However, finally managed to get this working. I created a new Virtural Machine. Loaded Red Hat Fedora 19 ( min. install ) Installed Server Splunk 5.5 Install Splunk CiscoIPS app cd /opt/splunk/etc/system/local vi inputs.conf [default] host = splunkforwarder [monitor:///opt/splunk/etc/apps/Splunk_CiscoIPS/var/log/ips_sdee.log.ips.XXXXXXXX] So I'm pushing this data to Splunk 6 Server and it works been working for about 3 months now. Hope this helps. Splunk could not give me any ETA on an update to this issue. Had I known this broke after going to Splunk 6 I'd would have stayed on Splunk 5.5. ... View more

Re: ImportError: No module named splunk.entity

by in Getting Data In
‎10-30-2013 09:05 AM
‎10-30-2013 09:05 AM
./splunk envvars PATH=/opt/splunkforwarder/bin:/usr/lib64/ccache:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin ; export PATH ; SPLUNK_HOME=/opt/splunkforwarder ; export SPLUNK_HOME ; SPLUNK_DB=/opt/splunkforwarder/var/lib/splunk ; export SPLUNK_DB ; SPLUNK_SERVER_NAME=splunkforwarder ; export SPLUNK_SERVER_NAME ; SPLUNK_WEB_NAME=splunkweb ; export SPLUNK_WEB_NAME ; LD_LIBRARY_PATH=/opt/splunkforwarder/lib ; export LD_LIBRARY_PATH ; LDAPCONF=/opt/splunkforwarder/etc/openldap/ldap.conf ; export LDAPCONF ... View more

ImportError: No module named splunk.entity

by in Getting Data In
‎10-25-2013 08:18 AM
1 Karma
‎10-25-2013 08:18 AM
1 Karma
I'm running Splunk ver 6 on my current server. There is a known bug with CiscoIPS so I was recommended I create a new VM and load splunkforwarder ver 5.0.5 and push IPS data to my Splunk 6 server. After MANY attempts in my config's, the log file is throwing connection errors. /opt/splunkforwarder/var/log/splunk 10-24-2013 13:05:42.808 -0700 ERROR ExecProcessor - message from "python /opt/splunkforwarder/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py splunk PASSWORDREMOVED ips.olcc.state.or.us" ImportError: No module named splunk.entity 10-24-2013 13:05:42.832 -0700 INFO ExecProcessor - Ran script: python /opt/splunkforwarder/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py splunk PASSWORDREMOVED ips.olcc.state.or.us, took 147.5 milliseconds to run, 0 bytes read, exited with code 1 /opt/splunkforwarder/etc/apps/Splunk_CiscoIPS/local/inputs.conf [script://$SPLUNK_HOME/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py "splunk" "PASSREMOVED" "ips.olcc.state.or.us" ""] disabled = 0 index = main interval = 1 source = SDEE sourcetype = cisco_ips_syslog /opt/splunkforwarder/etc/apps/Splunk_CiscoIPS/var/log no data. /opt/splunkforwarder/etc/system/local [root@splunkips local]# cat outputs.conf [tcpout:group1] server=cave:9997 [root@splunkips local]# pwd /opt/splunkforwarder/etc/system/local [root@splunkips local]# cat inputs.conf [default] host = splunkips ... View more

Splunk 6 Ciso ips error

by in Security
‎10-16-2013 09:28 AM
‎10-16-2013 09:28 AM
I upgraded Splunk to version 6 and data stopped flowing from our CiscoIPS. My sdee_get.log shows this error: Wed Oct 16 09:16:53 2013 - ERROR - Connecting to sensor - MY IP: URLError: I dug in deeper and I think its barking at the negotiation of SSL? /splunk/lib/python2.7/ssl.py I changed ssl.py ssl_version=PROTOCOL_SSLv23 to ssl_version=PROTOCOL_TLSv1 and still did not work. I hope to get this online ASAP. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All