Security

Hi,
Just trying to configure 6.10.4 for splunk connectivity. Have downloaded the  syslog filter file ( which was from cppm 6.3) , replaced %splunk_ip% with the ip address of my server,  changed the version number from 6.3 to 6.10 ( if you dont you get an error message saying  there some invalid xml ) and tried to import it.

You then get an SQL related error ( see attached image)

Any ideas?
A

o.k. so  looking at the  XML file, whsatwe have is a component that says

<start of sql statement> ..... WHERE ((timestamp &gt;= --START-TIME--) AND (timestamp &lt;= --END-TIME-- <rest of sql statement>

If you  go into the syslog export filters section in the cppm gui you can  try and create  one of the filters by hand and if you paste in the full sql statement ( obtained from the xml file),   then yes it complains  about self modifying sql  , so that'll be the --START-TIME--  and  --END-TIME-- statements

Someone must have configured cppm 6.10 to  run with splunk .. haven't they ?

A
Original Message:
Sent: Jun 29, 2022 07:59 AM
From: Alex Sharaz
Subject: Error when importing splunk syslog filter xml file into cppm 6.10

Hi,
Just trying to configure 6.10.4 for splunk connectivity. Have downloaded the  syslog filter file ( which was from cppm 6.3) , replaced %splunk_ip% with the ip address of my server,  changed the version number from 6.3 to 6.10 ( if you dont you get an error message saying  there some invalid xml ) and tried to import it.

You then get an SQL related error ( see attached image)

Any ideas?
A

I had the same problem with 6.9 trying to import the files but other users did not.

In the XML file remove the ";" at the end of the SQL statement and see if that helps.
Original Message:
Sent: Jun 29, 2022 07:59 AM
From: Alex Sharaz
Subject: Error when importing splunk syslog filter xml file into cppm 6.10

Hi,
Just trying to configure 6.10.4 for splunk connectivity. Have downloaded the  syslog filter file ( which was from cppm 6.3) , replaced %splunk_ip% with the ip address of my server,  changed the version number from 6.3 to 6.10 ( if you dont you get an error message saying  there some invalid xml ) and tried to import it.

You then get an SQL related error ( see attached image)

Any ideas?
A

Hells teeth!

.. and it worked. Many thanks , much appreciated
A


Original Message:
Sent: 7/7/2022 9:32:00 AM
From: wareynolds
Subject: RE: Error when importing splunk syslog filter xml file into cppm 6.10

I had the same problem with 6.9 trying to import the files but other users did not.

In the XML file remove the ";" at the end of the SQL statement and see if that helps.
Original Message:
Sent: Jun 29, 2022 07:59 AM
From: Alex Sharaz
Subject: Error when importing splunk syslog filter xml file into cppm 6.10

Hi,
Just trying to configure 6.10.4 for splunk connectivity. Have downloaded the  syslog filter file ( which was from cppm 6.3) , replaced %splunk_ip% with the ip address of my server,  changed the version number from 6.3 to 6.10 ( if you dont you get an error message saying  there some invalid xml ) and tried to import it.

You then get an SQL related error ( see attached image)

Any ideas?
A