All Apps and Add-ons

OPSEC-LEA issues

universal666888
New Member

Environment:
Checkpoint firwall R75.40 (IP:172.16.10.1/24)

Management Server R75.40 (IP:172.16.10.2/24)

Splunk server(CentOS6.4 x86_64) (IP:172.16.10.190/24)




I discribe the issue as follows:


In Splunk server,the Last connection status is "Never Connected",can anyone have some ideas?
The splunk server , I used the command "cat web_service.log" displayed :
2013-10-19 19:03:54,450 INFO [52626719af1c7db10] root:536 - CONFIG: version_label (str): 5.0.5
2013-10-19 19:03:54,450 INFO [52626719af1c7db10] root:536 - CONFIG: version_number (str): 5.0.5
2013-10-19 19:03:54,450 INFO [52626719af1c7db10] root:536 - CONFIG: x_frame_options_sameorigin (bool): True
2013-10-19 19:03:54,468 INFO [52626719af1c7db10] root:134 - ENGINE: Bus STARTING
2013-10-19 19:03:54,478 INFO [52626719af1c7db10] root:134 - ENGINE: Started monitor thread 'TimeoutMonitor'.
2013-10-19 19:03:54,600 INFO [5262671a982a3c810] root:134 - ENGINE: Started monitor thread 'Monitor'.
2013-10-19 19:03:54,692 INFO [52626719af1c7db10] root:134 - ENGINE: Serving on 0.0.0.0:8000
2013-10-19 19:03:54,693 INFO [52626719af1c7db10] root:134 - ENGINE: Bus STARTED
2013-10-19 19:04:27,328 INFO [5262673b082a3cb90] root:134 - ENGINE: Started monitor thread 'Monitor'.
2013-10-19 19:04:27,332 ERROR [5262673b082a3cb90] config:81 - [HTTP 401] Client is not authenticated
Traceback (most recent call last):
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/config.py", line 79, in getServerZoneInfo
return times.getServerZoneinfo()
File "/opt/splunk/lib/python2.7/site-packages/splunk/appserver/mrsparkle/lib/times.py", line 158, in getServerZoneinfo
serverStatus, serverResp = splunk.rest.simpleRequest('/search/timeparser/tz')
File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/
init_.py", line 477, in simpleRequest
raise splunk.AuthenticationFailed
AuthenticationFailed: [HTTP 401] Client is not authenticated2013-10-19 19:04:33,427 INFO [52626741652a4bbd0] account:256 - user=admin action=login status=success session=7140f70f31e393420c3417d0c485107a reason=user-initiated useragent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)" clientip=172.16.10.5
2013-10-19 19:04:33,766 INFO [52626741717fb7381d9750] cached:77 - memoized decorator used on function with non hashable arguments
[root@splunk splunk]#

Can anyone give some suggestion?

0 Karma

araitz
Splunk Employee
Splunk Employee

It seems that you are having problems connecting to the MDMS. Can you open a support case so we can take a look at your diag file?

0 Karma

piebob
Splunk Employee
Splunk Employee

can you be more specific about what you are doing when the error occurs? are you trying to use the Splunk add-on for OPSEC-LEA? please also provide a more descriptive title for this question? otherwise, other users will not know what you are asking about.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...