Hi ,
I have issue with splunk sourcefire connector app , it is conifigured on one of the splunk Heavy forwarder . it was working upto 4 th jan . I had tried resetting the connector and also restarted services of splunk if that might help but it didn't .
below is the configuration local from the app.
estreamer.conf
[estreamer]
changed = 0
pkcs12_password = XXXXXX
client_disabled = 0
log_extra_data = 1
log_metadata = 1
pkcs12_file = /opt/splunk/etc/apps/XX-IA-sourcefire/local/XX.XX.XXX.pkcs12
server = XX.XX.XX.XXX
watch = 1
debug = 1
/app.conf
# Autogenerated file
[install]
state = enabled
is_configured = 1
props.conf
[sourcefire:network:ids]
TZ = GMT
↧
