Hi,
We have installed Sophos add-on for Splunk on Heavy forwarder.
We were getting logs in Splunk but recently, we are getting error "Could not connect to proxy".
Proxy is not configured in add-on.
Also after restarting heavy forwarder, we are getting logs in Splunk for some period of time.
After that, again same error is coming.
Log:
04-16-2019 13:17:28.065 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sopho_central_alerts.py" ERRORHTTPSConnectionPool(host='api3.central.sophos.com', port=443): Max retries exceeded with url: /gateway/siem/v1/alerts/?limit=1000&from_date=1555416748 (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',)))
Do anyone have any idea?
Regards,
Tejas
This thread was automatically locked due to age.