Version
Cb Response 5.x.
Issue
Cb Response hasn't been configured correctly.
Symptoms
Connector getting error on launch or in wildfire.log:
SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:590). |
Solution
Check that error log and connector configuration
/var/log/cb/integrations/wildfire/wildfire.log /etc/cb/integrations/wildfire/connector.conf |
Repository Exists
Check that /etc/yum.repos.d/CbOpenSource.repo exists with correct content
If it does not, enter the following command:
SSL mismatch
/etc/cb/integrations/wildfire/connector.conf |
Cloud based
wildfire_server_sslverify=1 |
Leave this line commented out:
Local Based
wildfire_server_sslverify=0 |
wildfire_verify_ssl=false |
Replace <https://my.local.wildfire.appliance> with correct url:
Invalid API Token
Make sure API Token matches with “carbonblack_server_token” setting in connector.conf file
sudo psql cb -p 5002 -c "select id,username,firstname,lastname,global_admin,auth_token from cb_user;" |
Server still not accessible
If you are still receiving the error, check if there is a local proxy or firewall that is blocking the traffic.
Proxy
See if a Proxy is configured for the Alliance server under /etc/cb/cb.conf
We can check for a local proxy with:
cat /etc/environment printenv |grep -i proxy env |grep -i proxy |
Firewall
Check network traffic to see if a firewall blocking access to wildfire.
Note: After making any changes to the wildfire connector configuration, it can be restarted with:
service /etc/init.d/cb-wildfire-connector stop service /etc/init.d/cb-wildfire-connector start |