PaloAltoNetworks / Splunk-Apps

Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
https://pan.dev/splunk/docs/
ISC License

Cannot Retrieve Data from Palo Alto’s WildFire #6

Closed hkguy80 closed 10 years ago

hkguy80 commented 10 years ago

Hi, I just noticed that Splunk is no longer able to retrieve logs from WildFire since the end of March. Is there any method to troubleshoot the problem?

Many Thanks!

btorresgil commented 10 years ago

Thanks for the heads up. Can you send me any relevant logs from $SPLUNK_HOME$/var/log/splunk/python.log? I'll do some testing as well. Thanks!

btorresgil commented 10 years ago

Also, what version of Splunk and the App are you using?

hkguy80 commented 10 years ago

I got the following python.log. And I am using Splunk 6.03 and Splunk for Palo Alto Networks 4.01. Thanks.

2014-01-21 10:19:01,849 +0800 WARNING retrieveWildFireReport:61 - entity exception
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 57, in getWildFireAPIKey
2014-01-21 10:19:01,848 +0800 WARNING retrieveWildFireReport:60 - Traceback (most recent call last):

|tstats prestats=t count as ca from pan_threat where log_subtype!="scan" log_subtype!="url" severity!="informational" severity!="low"[ | INPUTLOOKUP wildfireSuspiciousIP.csv |return 20 src_ip] groupby src_ip, _time | timechart count as ca by src_ip
<title>Threats from Suspicious Hosts (Wildfire)</title>

2014-01-15 00:29:01,559 +0800 WARNING retrieveWildFireReport:61 - entity exception
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 57, in getWildFireAPIKey
2014-01-15 00:29:01,559 +0800 WARNING retrieveWildFireReport:60 - Traceback (most recent call last):
2014-01-01 06:35:10,229 +0800 WARNING retrieveWildFireReport:61 - entity exception
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 57, in getWildFireAPIKey
2014-01-01 06:35:10,207 +0800 WARNING retrieveWildFireReport:60 - Traceback (most recent call last):
2013-12-20 11:17:02,717 +0800 WARNING retrieveWildFireReport:61 - entity exception
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 57, in getWildFireAPIKey
2013-12-20 11:17:02,717 +0800 WARNING retrieveWildFireReport:60 - Traceback (most recent call last):
2013-12-19 17:49:32,712 +0800 WARNING retrieveWildFireReport:61 - entity exception
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 57, in getWildFireAPIKey
2013-12-19 17:49:32,712 +0800 WARNING retrieveWildFireReport:60 - Traceback (most recent call last):
2013-12-19 16:08:56,481 +0800 WARNING retrieveWildFireReport:61 - entity exception
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 57, in getWildFireAPIKey
2013-12-19 16:08:56,481 +0800 WARNING retrieveWildFireReport:60 - Traceback (most recent call last):
2013-12-19 14:52:02,641 +0800 WARNING retrieveWildFireReport:61 - entity exception
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 57, in getWildFireAPIKey
2013-12-19 14:52:02,641 +0800 WARNING retrieveWildFireReport:60 - Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 84, in retrieveWildFireData
wfReportXml = retrieveWildFireData(PAN_WF_APIKEY, result['serial_number'], result['report_id']).read().strip()
File "/opt/splunk/etc/apps/SplunkforPaloAltoNetworks/bin/retrieveWildFireReport.py", line 106, in