Getting Data In

UF tries to open two connections at the same time on the same outbound port

sgarvin55
Splunk Employee
Splunk Employee

On several servers, the universal forwarder tries to open up two connections at the same time on the same outbound port. The first connection succeeds, and the second connection generates event id 5157 for splunkd.exe. This happens constantly all day. How can I correct this to stop generating these errors?

Tags (2)
1 Solution

sgarvin55
Splunk Employee
Splunk Employee

We checked the following as possible causes for this issue:

  1. outputs.conf for multiple entries using same port
  2. more than one instance of Splunk running
  3. Firewall issues
  4. Event Logs show:

Audit Failure 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5157 Filtering Platform Connection
Audit Success 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5156 Filtering Platform Connection
Audit Failure 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5157 Filtering Platform Connection
Audit Success 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5156 Filtering Platform Connection

The issues was fixed by this Microsoft KB article:

http://support.microsoft.com/kb/2654852

View solution in original post

sgarvin55
Splunk Employee
Splunk Employee

We checked the following as possible causes for this issue:

  1. outputs.conf for multiple entries using same port
  2. more than one instance of Splunk running
  3. Firewall issues
  4. Event Logs show:

Audit Failure 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5157 Filtering Platform Connection
Audit Success 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5156 Filtering Platform Connection
Audit Failure 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5157 Filtering Platform Connection
Audit Success 6/10/2013 10:08:37 AM Microsoft Windows security auditing. 5156 Filtering Platform Connection

The issues was fixed by this Microsoft KB article:

http://support.microsoft.com/kb/2654852

Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...