I installed Splunk on my laptop to check out the tool. Since there was a way to integrate Cisco FMC (we have ver. 6.2.2.2), I proceeded to download the eNcore eStreamer Add-on.
After installing the add-on, it asks for the following:
FMC Hostname or IP address — I enter the address
Check the "Process PKCS12 file?" — I check this checkbox
PKCS12 password — I enter the password that I used when generating the client in the FMC under System>Integration>eStreamer. Also, when generating the client in FMC, I used the IP of my laptop (instructions mentioned to enter the IP of the client which will be collecting data from the FMC)
Click Save
After a few seconds I get "Encountered the following error while trying to update: Error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main"
I checked the C:\Program Files\Splunk\var\log\splunk\splunkd.log and below is what I see:
02-20-2019 15:15:25.293 -0600 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 130, in init\n hand.execute(info)\n File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 595, in execute\n if self.requestedAction == ACTION_EDIT: self.handleEdit(confInfo)\n File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 94, in handleEdit\n self._configure()\n File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 73, in _configure\n output = subprocess.check_output( cmds, stderr = subprocess.STDOUT )\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 216, in check_output\n process = Popen(stdout=PIPE, *popenargs, **kwargs)\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 394, in __init__\n errread, errwrite)\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 644, in _execute_child\n startupinfo)\nWindowsError: [Error 193] %1 is not a valid Win32 application\n
02-20-2019 15:15:25.293 -0600 ERROR AdminManagerExternal - Unexpected error "<type 'exceptions.WindowsError'>" from python handler: "[Error 193] %1 is not a valid Win32 application". See splunkd.log for more details.
02-20-2019 15:15:25.293 -0600 ERROR SetupAdminHandler - Error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main
02-20-2019 15:39:19.407 -0600 ERROR ProcessDispatchedSearch - PROCESS_SEARCH - Failed opening "C:\Program Files\Splunk\var\run\splunk\dispatch\SummaryDirector_1550698758.3\search.log": The process cannot access the file because it is being used by another process.
02-20-2019 16:00:00.009 -0600 INFO ExecProcessor - setting reschedule_ms=3599991, for command=python "C:\Program Files\Splunk\etc\apps\splunk_instrumentation\bin\instrumentation.py"
02-20-2019 16:00:32.762 -0600 WARN SetupAdminHandler - Cannot find field='process_pkcs12' in url='/encore/configure/main/' setting value to empty string
02-20-2019 16:00:41.359 -0600 WARN SetupAdminHandler - Cannot find field='process_pkcs12' in url='/encore/configure/main/' setting value to empty string
02-20-2019 16:00:54.000 -0600 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 130, in init\n hand.execute(info)\n File "C:\Program Files\Splunk\Python-2.7\Lib\site-packages\splunk\admin.py", line 595, in execute\n if self.requestedAction == ACTION_EDIT: self.handleEdit(confInfo)\n File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 94, in handleEdit\n self._configure()\n File "C:\Program Files\Splunk\etc\apps\TA-eStreamer\bin\configure_handler.py", line 73, in _configure\n output = subprocess.check_output( cmds, stderr = subprocess.STDOUT )\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 216, in check_output\n process = Popen(stdout=PIPE, *popenargs, **kwargs)\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 394, in __init__\n errread, errwrite)\n File "C:\Program Files\Splunk\Python-2.7\Lib\subprocess.py", line 644, in _execute_child\n startupinfo)\nWindowsError: [Error 193] %1 is not a valid Win32 application\n
02-20-2019 16:00:54.000 -0600 ERROR AdminManagerExternal - Unexpected error "<type 'exceptions.WindowsError'>" from python handler: "[Error 193] %1 is not a valid Win32 application". See splunkd.log for more details.
02-20-2019 16:00:54.011 -0600 ERROR SetupAdminHandler - Error while posting to url=/servicesNS/nobody/TA-eStreamer/encore/configure/main
Can someone tell me what I'm missing/doing wrong?