All Apps and Add-ons

Splunk Add-on for Cisco IPS: Why am I getting this error message trying to add a new Cisco IPS Sensor?

jean_tomaz
Explorer

Hi,

I have an issue adding new Cisco IPS Sensor.

The following message is appearing:

"Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/Splunk_TA_cisco-ips/admin/cisco_ips_setup/cisco_ips_setup_settings".

I need help, please.

Thanks a lot.

jcoates_splunk
Splunk Employee
Splunk Employee

Quick update -- 2.1.2 solved most of the SSL problems, but there's a couple of last ones we're nailing down for a new maintenance release. There is an interesting problem with these where the IPS only supports a few connections at a time, so there can be times where we're making a perfectly valid request and still get told no.

0 Karma

jmcrabb
Explorer

I saw this issue when I had tried copying the app's etc/local directory from a Windows server to a CentOS server. To get it to work, I had to delete the local directory, restart splunk, and use the web interface to add the sensors. This is with Splunk 6.1.4 heavy forwarder and Splunk Add-on for Cisco IPS 2.1.1. On top of that, I had to edit pySDEE.py per the comment by Colin Humphreys here: http://answers.splunk.com/answers/171146/ciscoips-script-not-working-in-splunk-universal-fo.html.

jcoates_splunk
Splunk Employee
Splunk Employee

version 2.1.2 should correct TLS mode errors, please upgrade and open a support ticket if it doesn't work.

0 Karma

imarks004
Path Finder

I am also seeing this same error. Anyone found a work around or any useful information from Splunk support?

0 Karma

JSkier
Communicator

Splunk professional services was on site when we upgraded this app on a heavy v6 forwarder. They usually don't do much for support of apps even those made by splunk, support usually has to come from the app creator (kinda scary way of doing support IMO).

I was able to get v6 going with 2.0 (the older version), by forcing TLSv1 in the python ssl library splunk uses. It stopped working for unknown reasons after a few hours (started getting the same error as the new version), so I've reverted back to 2.0 app with splunk 5 for now, which still works.

If interested in trying 2.0 (not the latest) app with splunk 6, edit the library splunk uses, look at this file, and change the ssl version (down a bit) to TLSv1: $SPLUNK_HOME/lib/python2.7/ssl.py

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Hi, the 2.1.2 update or later should solve these TLS issues.

Also, this is a Splunk-supported add-on; I'll be happy to chat with anyone who needs a hand with what that means.

0 Karma

JSkier
Communicator

Thanks, installation works and it is pulling feeds, but now it won't forward to the index for version 6. I put in a ticket.

0 Karma

cmoyanof
New Member

Hi Jack,

I have error "Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/Splunk_TA_cisco-ips/admin/cisco_ips_setup/cisco_ips_setup_settings"

My version of Splunk_TA_cisco-ips is 2.1.2

😞

0 Karma

JSkier
Communicator

Seeing this also. Have had success with previous 2.0 version and splunk heavy forwarder v5. v6 with ssl python library hack did work, but didn't last.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...