https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291066#M34751 <P>I am seeing the following error re: the SSL cert:</P> <PRE><CODE>2017-11-20 15:55:54,139 +0000 log_level=ERROR, pid=30119, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list. </CODE></PRE> <P>I followed the documentation and exported the Nessus SC cert as a .crt/.pem (saved as a .crt). I then copied the contents of the PEM file into $SPLUNK_HOME/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/cacerts.txt and then saved the file, but I still see the [SSL: CERTIFICATE_VERIFY_FAILED error</P> <P>Any help troubleshooting this error would be greatly appreciated.</P> Tue, 29 Sep 2020 16:51:08 GMT jwalzerpitt 2020-09-29T16:51:08Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291066#M34751 <P>I am seeing the following error re: the SSL cert:</P> <PRE><CODE>2017-11-20 15:55:54,139 +0000 log_level=ERROR, pid=30119, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list. </CODE></PRE> <P>I followed the documentation and exported the Nessus SC cert as a .crt/.pem (saved as a .crt). I then copied the contents of the PEM file into $SPLUNK_HOME/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/cacerts.txt and then saved the file, but I still see the [SSL: CERTIFICATE_VERIFY_FAILED error</P> <P>Any help troubleshooting this error would be greatly appreciated.</P> Tue, 29 Sep 2020 16:51:08 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291066#M34751 jwalzerpitt 2020-09-29T16:51:08Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291067#M34752 <P>Hi @jwalzerpitt,</P> <P>Is it working proper if we disable SSL??</P> <P>local/nessus.conf</P> <PRE><CODE>[tenable_sc_settings] disable_ssl_certificate_validation = 0 </CODE></PRE> <P>Thanks</P> Mon, 20 Nov 2017 17:09:26 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291067#M34752 kamlesh_vaghela 2017-11-20T17:09:26Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291068#M34753 <P>I'm seeing the following after setting disable_ssl_certificate_validation = 0 in local/nessus.conf:</P> <PRE><CODE>11/20/17 12:18:37.540 PM 2017-11-20 17:18:37,540 +0000 log_level=ERROR, pid=3965, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Failed to index data Traceback (most recent call last): File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 115, in index_data self._do_safe_index() File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 148, in _do_safe_index self._client = self._create_data_client() File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 95, in _create_data_client self._checkpoint_manager) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_client.py", line 55, in __init__ self._ckpt) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 18, in do_job_one_time return _do_job_one_time(all_conf_contents, task_config, ckpt) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 62, in _do_job_one_time raise Exception Exception 11/20/17 12:18:37.539 PM 2017-11-20 17:18:37,539 +0000 log_level=ERROR, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list. 11/20/17 12:18:37.521 PM 2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=42 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Proxy is disabled. 11/20/17 12:18:37.521 PM 2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=39 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] The disable_ssl_certificate_validation is False 11/20/17 12:18:37.521 PM 2017-11-20 17:18:37,521 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=23 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Enter _do_job_one_time(). 11/20/17 12:18:37.520 PM 2017-11-20 17:18:37,520 +0000 log_level=INFO, pid=3965, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=112 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] Start indexing data for checkpoint_key=Nessus%20Security%20Center___sc_vulnerability___Security%20Center 11/20/17 12:18:37.518 PM 2017-11-20 17:18:37,518 +0000 log_level=INFO, pid=3965, tid=Thread-2, file=scheduler.py, func_name=get_ready_jobs, code_line_no=100 | Get 1 ready jobs, next duration is 43199.999063, and there are 1 jobs scheduling </CODE></PRE> Tue, 29 Sep 2020 16:51:13 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291068#M34753 jwalzerpitt 2020-09-29T16:51:13Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291069#M34754 <P>Still seeing SSL cert error even after setting setting disable_ssl_certificate_validation = 1 in local/nessus.conf:</P> <PRE><CODE>11/20/17 12:26:22.062 PM 2017-11-20 17:26:22,062 +0000 log_level=ERROR, pid=11762, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus Security Center" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list. </CODE></PRE> Tue, 29 Sep 2020 16:51:16 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291069#M34754 jwalzerpitt 2020-09-29T16:51:16Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291070#M34755 <P>Hi @jwalzerpitt,</P> <P>Apology for the delay. Are you using the latest app? This error fixed in latest app.<BR /><BR /> 2nd after making a change in <CODE>disable_ssl_certificate_validation</CODE>it is recommended to restart Splunk.</P> <P>Can you confirm it?</P> <P>Thanks</P> Tue, 21 Nov 2017 11:28:04 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291070#M34755 kamlesh_vaghela 2017-11-21T11:28:04Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291071#M34756 <P>I am on version 5.1.2 for the Add-on, and I created the local/nessus.conf file and added the stanza below and then restarted Splunk</P> <PRE><CODE> [tenable_sc_settings] disable_ssl_certificate_validation = 0 </CODE></PRE> <P>Check the _internal events and I see:</P> <PRE><CODE>2017-11-21 14:06:41,411 +0000 log_level=ERROR, pid=6351, tid=Thread-6, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Nessus SC" data="sc_vulnerability" server="Security Center"] Failed to index data Traceback (most recent call last): File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 115, in index_data self._do_safe_index() File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 148, in _do_safe_index self._client = self._create_data_client() File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_collector.py", line 95, in _create_data_client self._checkpoint_manager) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_data_client.py", line 55, in __init__ self._ckpt) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 18, in do_job_one_time return _do_job_one_time(all_conf_contents, task_config, ckpt) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/ta_tenable_sc_data_collector.py", line 62, in _do_job_one_time raise Exception Exception 11/21/17 9:06:41.410 AM 2017-11-21 14:06:41,410 +0000 log_level=ERROR, pid=6351, tid=Thread-6, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=61 | [stanza_name="Nessus SC" data="sc_vulnerability" server="Security Center"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list. </CODE></PRE> <P>Thx</P> Tue, 21 Nov 2017 14:09:42 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291071#M34756 jwalzerpitt 2017-11-21T14:09:42Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291072#M34757 <P>I modified local/nessus.conf file as follows:</P> <PRE><CODE> [tenable_sc_settings] disable_ssl_certificate_validation = 1 </CODE></PRE> <P>and when I check the _internal index, I see the following events:</P> <PRE><CODE>2017-11-21 14:20:07,924 +0000 log_level=ERROR, pid=19192, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=186 | Tenable task encounter exception Traceback (most recent call last): File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_mod_input.py", line 183, in main config_cls=configer_cls) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_mod_input.py", line 100, in run tconfig = tc.create_ta_config(settings, config_cls or tc.TaConfig) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_config.py", line 181, in create_ta_config return config_cls(meta_config, settings) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/ta_config.py", line 21, in __init__ meta_config[c.session_key]) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/splunk_cluster.py", line 26, in __init__ raise Exception("Failed to init ServerInfo") Exception: Failed to init ServerInfo 2017-11-21 14:20:07,924 +0000 log_level=ERROR, pid=19192, tid=MainThread, file=rest.py, func_name=splunkd_request, code_line_no=42 | Failed to send rest request=https://127.0.0.1:8089/services/server/info, errcode=unknown, reason=Traceback (most recent call last): File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/rest.py", line 40, in splunkd_request headers=headers, body=data) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1609, in request (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1351, in _request (response, content) = self._conn_request(conn, request_uri, method, body, headers) File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1272, in _conn_request conn.connect() File "/data/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/__init__.py", line 1075, in connect raise socket.error, msg error: [Errno 111] Connection refused </CODE></PRE> Tue, 21 Nov 2017 14:30:35 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291072#M34757 jwalzerpitt 2017-11-21T14:30:35Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291073#M34758 <P>Digging into the scrip I saw the REST call was on port 8089 so when I double checked the relevant firewall, that port wasn't listed. Added that port and was able to pull the info via the REST call.</P> <P>Thx</P> Tue, 21 Nov 2017 19:11:08 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291073#M34758 jwalzerpitt 2017-11-21T19:11:08Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291074#M34759 <P>Hello,</P> <P>I'm facing the similar issue. My Splunk is already listening on 8089. Did u do something on the host firewall?</P> <P>Thanks!</P> Thu, 10 May 2018 04:54:18 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291074#M34759 splunk_kk 2018-05-10T04:54:18Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291075#M34760 <P>I had to open port 8089 on my firewall</P> Thu, 10 May 2018 12:36:06 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Nessus/m-p/291075#M34760 jwalzerpitt 2018-05-10T12:36:06Z