Environment:
Checkpoint firewall R75.40 (IP:172.16.10.1/24)
Management Server R75.40 (IP:172.16.10.2/24)
Splunk server (CentOS6.4 x86_64) (IP:172.16.10.190/24)
I describe the issue as follows:
On the Splunk server, the Last connection status is "Never Connected". Does anyone have any ideas?
On the Splunk server, I ran the command "cat web_service.log", which displayed:
2013-10-19 19:03:54,450 INFO [52626719af1c7db10] root:536 - CONFIG: version_label (str): 5.0.5
2013-10-19 19:03:54,450 INFO [52626719af1c7db10] root:536 - CONFIG: version_number (str): 5.0.5
2013-10-19 19:03:54,450 INFO [52626719af1c7db10] root:536 - CONFIG: x_frame_options_sameorigin (bool): True
2013-10-19 19:03:54,468 INFO [52626719af1c7db10] root:134 - ENGINE: Bus STARTING
2013-10-19 19:03:54,478 INFO [52626719af1c7db10] root:134 - ENGINE: Started monitor thread 'TimeoutMonitor'.
2013-10-19 19:03:54,600 INFO [5262671a982a3c810] root:134 - ENGINE: Started monitor thread 'Monitor'.
2013-10-19 19:03:54,692 INFO [52626719af1c7db10] root:134 - ENGINE: Serving on 0.0.0.0:8000
2013-10-19 19:03:54,693 INFO [52626719af1c7db10] root:134 - ENGINE: Bus STARTED
2013-10-19 19:04:27,328 INFO [5262673b082a3cb90] root:134 - ENGINE: Started monitor thread 'Monitor'.
2013-10-19 19:04:27,332 ERROR [5262673b082a3cb90] config:81 - [HTTP 401] Client is not authenticated
Traceback (most recent call last):
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/config.py", line 79, in getServerZoneInfo
    return times.getServerZoneinfo()
  File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/times.py", line 158, in getServerZoneinfo
    serverStatus, serverResp = splunk.rest.simpleRequest('/search/timeparser/tz')
  File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/init_.py", line 477, in simpleRequest
    raise splunk.AuthenticationFailed
AuthenticationFailed: [HTTP 401] Client is not authenticated
2013-10-19 19:04:33,427 INFO [52626741652a4bbd0] account:256 - user=admin action=login status=success session=7140f70f31e393420c3417d0c485107a reason=user-initiated useragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)" clientip=172.16.10.5
2013-10-19 19:04:33,766 INFO [52626741717fb7381d9750] cached:77 - memoized decorator used on function
[root@splunk splunk]#
Can anyone give some suggestions?
It seems that you are having problems connecting to the MDMS. Can you open a support case so we can take a look at your diag file?
Can you be more specific about what you are doing when the error occurs? Are you trying to use the Splunk add-on for OPSEC-LEA? Please also provide a more descriptive title for this question; otherwise, other users will not know what you are asking about.