Getting Data In

Not getting logs from ADAuditplus using Splunk HTTP


As per the documentation, I have generated a new token in Splunk and configured ADAuditplus using the token. However, I still dont see any logs from it.
I have also checked the HTTP Event Collector: Instance page under Monitoring Console-->Indexing-->Inputs, but it says, "You currently have no tokens configured."

UPDATE: It was the firewall initially that was blocking the connection. However, now its a SSL issue.
When SSL was enabled on ADAuditplus, it gave this error, while idling: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
After disabling the SSL, its giving this error, error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

Please advise.

Tags (2)
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!