06-26-2023 04:08 AM
Hello Team,
I am trying to get Cisco AMP4e logs to Splunk, while configuring the input I am getting below error.
Add-on - Cisco AMP for Endpoints Events Input - 3.0.0
Splunk Version - 8.2.7
Note: The API host, ID and Key are correct. Verified with below command.
url --request GET 'https://api.amp.cisco.com/v1/events' -u 'my api id:my api key'
Error while creating the Input
Warning! We couldn’t retrieve the information from API with provided credentials. Please make sure the API host is accessible or re-configure the input with correct credentials.
Error from /opt/splunk/var/log/splunk/amp4e_events_input.log
2023-06-26 05:35:34,486 ERROR Amp4eEvents - SSLError(MaxRetryError("HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_streams/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))"))
ssl_context=context,
File "/opt/splunk/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket
File "/opt/splunk/lib/python3.7/ssl.py", line 423, in wrap_socket
File "/opt/splunk/lib/python3.7/ssl.py", line 870, in _create
File "/opt/splunk/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_types/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_types/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
ssl_context=context,
File "/opt/splunk/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket
File "/opt/splunk/lib/python3.7/ssl.py", line 423, in wrap_socket
File "/opt/splunk/lib/python3.7/ssl.py", line 870, in _create
File "/opt/splunk/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_types/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.amp.cisco.com', port=443): Max retries exceeded with url: /v1/event_types/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1106)')))
Can anyone help with solution for this issue?
Regards,
Navaneeth BR
06-26-2023 04:49 AM
07-11-2024 05:41 AM
Hi Navaneethbr,
Did you resolve this issue, I'm facing the same issue.
I'm injesting logs from ciscoamp to heavy forwarder, but recently it stops receving logs from ciscoamp, and the same above error is shown when i check for the log file.
I would appreciate if you could help me resolve this issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide