Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Wildfire Connector Troubleshooting

Wildfire Connector Troubleshooting

Version

Cb Response 5.x.

Issue

Cb Response hasn't been configured correctly.

Symptoms

Connector getting error on launch or in wildfire.log:

SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:590).

Solution

Check that error log and connector configuration

/var/log/cb/integrations/wildfire/wildfire.log

/etc/cb/integrations/wildfire/connector.conf

Repository Exists

Check that /etc/yum.repos.d/CbOpenSource.repo exists with correct content

If it does not, enter the following command:

curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo

SSL mismatch

/etc/cb/integrations/wildfire/connector.conf

Cloud based

wildfire_server_sslverify=1
wildfire_verify_ssl=true

Leave this line commented out:

; wildfire_url=https://my.local.wildfire.appliance

Local Based

wildfire_server_sslverify=0
wildfire_verify_ssl=false

Replace <https://my.local.wildfire.appliance> with correct url:

wildfire_url=<https://my.local.wildfire.appliance>

Invalid API Token

Make sure API Token matches with “carbonblack_server_token” setting in connector.conf file

sudo psql cb -p 5002 -c "select id,username,firstname,lastname,global_admin,auth_token from cb_user;"

Server still not accessible

If you are still receiving the error, check if there is a local proxy or firewall that is blocking the traffic.

Proxy

See if a Proxy is configured for the Alliance server under /etc/cb/cb.conf

We can check for a local proxy with:

cat /etc/environment

printenv |grep -i proxy

env |grep -i proxy

Firewall

Check network traffic to see if a firewall blocking access to wildfire.

Note: After making any changes to the wildfire connector configuration, it can be restarted with:

service /etc/init.d/cb-wildfire-connector stop

service /etc/init.d/cb-wildfire-connector start

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎06-10-2016
Views:
1134
Contributors