
Sophos Add-on for Splunk and Sophos Central Communication

Hi,

We have installed the Sophos add-on for Splunk on a heavy forwarder.

We were getting logs in Splunk, but recently we have been getting the error "Could not connect to proxy".

A proxy is not configured in the add-on.

Also, after restarting the heavy forwarder, we get logs in Splunk for some period of time.

After that, the same error comes again.


Log:

04-16-2019 13:17:28.065 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/SophosAddOnForSplunk/bin/sopho_central_alerts.py" ERRORHTTPSConnectionPool(host='api3.central.sophos.com', port=443): Max retries exceeded with url: /gateway/siem/v1/alerts/?limit=1000&from_date=1555416748 (Caused by ProxyError('Cannot connect to proxy.', error('Tunnel connection failed: 403 Forbidden',)))

 

Does anyone have any idea?

 

Regards,
Tejas


