Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1517
Views
0
Helpful
2
Replies

Questions re TA-eStreamer & multiple FMC

ww9rivers
Level 1
Level 1

‎04-03-2020 08:44 AM

Got two questions:

  1. The latest Operations Guide states that "eNcore can only currently support one server". And this post on Splunk>answer says that they had to "contact Cisco directly and get the CLI version of estreamer". Are these info still correct with regard to the latest TA-eStreamer version 3.6.8?
  2. Looking into the TA-eStreamer 3.6.8 code a bit, I see that it mandates Python 2.7. With that going away, what is Cisco's plan for Python 3 support?

Thank you much!

@nspasov 

0 Helpful
2 Replies 2

ww9rivers
Level 1
Level 1

‎04-03-2020 08:56 AM

Attempting to answer my 1st question: The default TA-eStreamer input is basically a Splunk scripted input, calling the bin/splencore.sh script to talk to an FMC. That script has a hard-coded "configFilepath".
SO -- as a quick hack, if I make a copy of the "bin/splencore.sh" and modify the "configFilepath", I should be able to create a second scripted input in inputs.conf. Would that be correct?
I'm going to give it a try and report back later.
0 Helpful

ww9rivers
Level 1
Level 1
In response to ww9rivers

‎04-06-2020 11:39 AM

Happy to report that my very quick and simple hack actually works.
If any one is interested, I may be able to clone the app and put it on Github if Cisco is OK with that.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card