https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343022#M41449 <P>Worked with Tenable support on another issue (frequent timeouts when using the UI) and they had me adjust the "max_execution_time" value in /opt/sc/support/etc/php.ini:</P> <P># Backup the PHP file:<BR /> $ cp /opt/sc/support/etc/php.ini /opt/sc/support/etc/php.ini.bk</P> <P># Edit the PHP.ini file<BR /> $ vi /opt/sc/support/etc/php.ini </P> <P>Scroll down to the max_execution_time setting and double/triple the value that is in there. The default is 30s so I increased mine to 90s. Save the file then restart SecurityCenter.</P> <P>Since this change I've been able to pull all scan results into Splunk.</P> Tue, 29 Sep 2020 14:13:44 GMT Blu3fish 2020-09-29T14:13:44Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343016#M41443 <P>Using v5.1.1 of the Splunk Add-on for Tenable (<A href="https://splunkbase.splunk.com/app/1710/">https://splunkbase.splunk.com/app/1710/</A>) to pull scan results from Security Center (5.4.4). I'm receiving the occasional scan result but not all scan results and am seeing the following log repeated over and over in index=_internal sourcetype=tenable:sc:log:</P> <PRE><CODE>2017-03-08 15:51:57,258 +0000 log_level=WARNING, pid=20668, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_pre_process_ckpt, code_line_no=284 | [stanza_name="securitycenterserver" data="sc_vulnerability" server="securitycenterserver"] error_msg=Unable to process Vuln Query. SecurityCenter could not process the vulnerability filter string (SC_ROOT=/opt/sc /opt/sc/bin/showvulns-individual +orgid "1" +groupid "0" +tool 'listvuln' +datedir "2017-03-08" +scanid '1234' +view 'all' +startoffset '0' +endoffset '0' +repository "1" -acceptRisk). 11^list^0^0^-1 </CODE></PRE> <P>The scanid does change per event which accurately reflects the scanids from security center that aren't being ingested.</P> Wed, 08 Mar 2017 17:43:51 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343016#M41443 Blu3fish 2017-03-08T17:43:51Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343017#M41444 <P>Seems the log pasted is broken, would you please provide the raw logs?</P> Fri, 10 Mar 2017 01:37:18 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343017#M41444 hozhang_splunk 2017-03-10T01:37:18Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343018#M41445 <P>2017-03-08 15:51:57,258 +0000 log_level=WARNING, pid=20668, tid=Thread-5, file=ta_tenable_sc_data_collector.py, func_name=_pre_process_ckpt, code_line_no=284 | [stanza_name="securitycenterserver" data="sc_vulnerability" server="securitycenterserver"] error_msg=Unable to process Vuln Query.<BR /> SecurityCenter could not process the vulnerability filter string (SC_ROOT=/opt/sc /opt/sc/bin/showvulns-individual +orgid "1" +groupid "0" +tool 'listvuln' +datedir "2017-03-08" +scanid '2275' +view 'all' +startoffset '0' +endoffset '0' +repository "1" -acceptRisk).<BR /> 11^list^0^0^-1</P> Tue, 29 Sep 2020 13:10:02 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343018#M41445 Blu3fish 2020-09-29T13:10:02Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343019#M41446 <P>I am having this same problem too. Has anyone been able to figure this out?</P> Fri, 24 Mar 2017 16:43:12 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343019#M41446 lamars79 2017-03-24T16:43:12Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343020#M41447 <P>This seems an issue at Tenable side. <BR /> <A href="https://community.tenable.com/thread/9403">https://community.tenable.com/thread/9403</A></P> Mon, 27 Mar 2017 03:27:32 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343020#M41447 hozhang_splunk 2017-03-27T03:27:32Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343021#M41448 <P>Did anyone find a fix for this issue? I am having the same exact error message</P> Tue, 09 May 2017 21:45:36 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343021#M41448 shirishkamat84 2017-05-09T21:45:36Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343022#M41449 <P>Worked with Tenable support on another issue (frequent timeouts when using the UI) and they had me adjust the "max_execution_time" value in /opt/sc/support/etc/php.ini:</P> <P># Backup the PHP file:<BR /> $ cp /opt/sc/support/etc/php.ini /opt/sc/support/etc/php.ini.bk</P> <P># Edit the PHP.ini file<BR /> $ vi /opt/sc/support/etc/php.ini </P> <P>Scroll down to the max_execution_time setting and double/triple the value that is in there. The default is 30s so I increased mine to 90s. Save the file then restart SecurityCenter.</P> <P>Since this change I've been able to pull all scan results into Splunk.</P> Tue, 29 Sep 2020 14:13:44 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Add-on-for-Tenable-Why-do-I-receive-quot-Unable-to/m-p/343022#M41449 Blu3fish 2020-09-29T14:13:44Z