Greetings!!
I'm getting the warning alerts showing me that splunk forwarder is not active, as shown on the below pic,
splunk forwarder is running (/opt/splunkforwarder/bin/splunk status ) but in Monitoring Console under Forwader:Management is not active it's showing a missing status,as shown on the above screenshot
even when I try to stop and restart the splunkforwader service(/opt/splunkforwarder/bin/splunk stop) can't be stopped, as shown on the below screenshot
Kindly help me on how i can fix the error,
Another error while searching:( I am running splunk_security_essentials version 3.0.0.)
***********************************
error 1:
Could not load lookup=LOOKUP-splunk_security_essentials
error2:
How about and root cause of this error2 above? and how to fix this?
Also find the this Warning error, I got from splunkd.log
05-22-2022 19:54:02.957 +0200 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read server certificate B', alert_description='certificate expired'. 05-22-2022 19:54:02.957 +0200 ERROR TcpOutputFd - Connection to host=x.x.x.17:9997 failed. sock_error = 0. SSL Error = error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name. 05-22-2022 19:54:02.960 +0200 ERROR X509Verify - X509 certificate (O=SplunkUser,CN=SplunkServerDefaultCert) failed validation; error=10, reason="certificate has expired" 05-22-2022 19:54:02.960 +0200 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read server certificate B', alert_description='certificate expired'. 05-22-2022 19:54:02.960 +0200 ERROR TcpOutputFd - Connection to host=x.x.x.16:9997 failed. sock_error = 0. SSL Error = error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name. 05-22-2022 19:54:02.964 +0200 ERROR X509Verify - X509 certificate (O=SplunkUser,CN=SplunkServerDefaultCert) failed validation; error=10, reason="certificate has expired" 05-22-2022 19:54:02.964 +0200 WARN SSLCommon - Received fatal SSL3 alert. ssl_state='SSLv3 read server certificate B', alert_description='certificate expired'. 05-22-2022 19:54:02.964 +0200 ERROR TcpOutputFd - Connection to host=x.x.x.14:9997 failed. sock_error = 0. SSL Error = error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name.
Kindly help and guide me on how to fix this,
Thank you in advance.
... View more