After install, I'm getting an error:
==> var/log/splunk/file_meta_data_modular_input.log <==
2016-05-24 22:40:08,585 INFO Time is later than filter, st_ctime=1463219347.5115333, must_be_later_than=None, path=u'/etc/audit_proba'
2016-05-24 22:40:08,586 INFO Time is later than filter, st_mtime=1463219347.5115333, must_be_later_than=None, path=u'/etc/audit_proba'
2016-05-24 22:40:08,586 INFO Time is later than filter, st_ctime=1463207368.1592515, must_be_later_than=None, path=u'/etc/networks'
2016-05-24 22:40:08,586 INFO Time is later than filter, st_mtime=1392864236.0, must_be_later_than=None, path=u'/etc/networks'
2016-05-24 22:40:08,587 INFO Time is later than filter, st_ctime=1463209453.5112169, must_be_later_than=None, path=u'/etc/issue.net'
2016-05-24 22:40:08,587 INFO Time is later than filter, st_mtime=1455641008.0, must_be_later_than=None, path=u'/etc/issue.net'
2016-05-24 22:40:08,588 INFO Time is later than filter, st_ctime=1463207368.1672513, must_be_later_than=None, path=u'/etc/securetty'
2016-05-24 22:40:08,588 INFO Time is later than filter, st_mtime=1392604967.0, must_be_later_than=None, path=u'/etc/securetty'
2016-05-24 22:40:08,588 INFO Time is later than filter, st_ctime=1464110338.292777, must_be_later_than=None, path=u'/etc/mtab'
2016-05-24 22:40:08,589 INFO Time is later than filter, st_mtime=1464110338.292777, must_be_later_than=None, path=u'/etc/mtab'
2016-05-24 22:40:08,589 INFO Time is later than filter, st_ctime=1463209160.1531472, must_be_later_than=None, path=u'/etc/kernel-img.conf'
2016-05-24 22:40:08,589 INFO Time is later than filter, st_mtime=1463209160.1531472, must_be_later_than=None, path=u'/etc/kernel-img.conf'
2016-05-24 22:40:08,590 INFO Time is later than filter, st_ctime=1463208753.997147, must_be_later_than=None, path=u'/etc/popularity-contest.conf'
2016-05-24 22:40:08,590 INFO Time is later than filter, st_mtime=1463208753.997147, must_be_later_than=None, path=u'/etc/popularity-contest.conf'
2016-05-24 22:40:08,590 INFO Time is later than filter, st_ctime=1463207368.1472514, must_be_later_than=None, path=u'/etc/ld.so.conf'
2016-05-24 22:40:08,591 INFO Time is later than filter, st_mtime=1438751511.0, must_be_later_than=None, path=u'/etc/ld.so.conf'
2016-05-24 22:40:08,591 INFO Time is later than filter, st_ctime=1463207378.71088, must_be_later_than=None, path=u'/etc/hosts'
2016-05-24 22:40:08,591 INFO Time is later than filter, st_mtime=1463207378.71088, must_be_later_than=None, path=u'/etc/hosts'
2016-05-24 22:40:08,592 INFO Time is later than filter, st_ctime=1463207368.1272514, must_be_later_than=None, path=u'/etc/crontab'
2016-05-24 22:40:08,592 INFO Time is later than filter, st_mtime=1360393340.0, must_be_later_than=None, path=u'/etc/crontab'
2016-05-24 22:40:08,593 INFO Time is later than filter, st_ctime=1463207368.1552515, must_be_later_than=None, path=u'/etc/mime.types'
2016-05-24 22:40:08,593 INFO Time is later than filter, st_mtime=1368446165.0, must_be_later_than=None, path=u'/etc/mime.types'
2016-05-24 22:40:08,593 INFO Time is later than filter, st_ctime=1463992499.283533, must_be_later_than=None, path=u'/etc/subgid'
2016-05-24 22:40:08,593 INFO Time is later than filter, st_mtime=1463992499.1515331, must_be_later_than=None, path=u'/etc/subgid'
2016-05-24 22:40:08,594 INFO Time is later than filter, st_ctime=1463207368.1512513, must_be_later_than=None, path=u'/etc/logrotate.conf'
2016-05-24 22:40:08,594 INFO Time is later than filter, st_mtime=1390414763.0, must_be_later_than=None, path=u'/etc/logrotate.conf'
2016-05-24 22:40:08,594 INFO Time is later than filter, st_ctime=1463207368.1552515, must_be_later_than=None, path=u'/etc/mke2fs.conf'
2016-05-24 22:40:08,595 INFO Time is later than filter, st_mtime=1392809455.0, must_be_later_than=None, path=u'/etc/mke2fs.conf'
2016-05-24 22:40:08,595 INFO Time is later than filter, st_ctime=1463207368.1672513, must_be_later_than=None, path=u'/etc/rmt'
2016-05-24 22:40:08,595 INFO Time is later than filter, st_mtime=1391519759.0, must_be_later_than=None, path=u'/etc/rmt'
2016-05-24 22:40:08,596 INFO Time is later than filter, st_ctime=1463207368.1752515, must_be_later_than=None, path=u'/etc/sysctl.conf'
2016-05-24 22:40:08,596 INFO Time is later than filter, st_mtime=1364783131.0, must_be_later_than=None, path=u'/etc/sysctl.conf'
2016-05-24 22:40:08,596 INFO Time is later than filter, st_ctime=1463207368.1272514, must_be_later_than=None, path=u'/etc/debian_version'
2016-05-24 22:40:08,596 INFO Time is later than filter, st_mtime=1392864236.0, must_be_later_than=None, path=u'/etc/debian_version'
2016-05-24 22:40:08,597 INFO Time is later than filter, st_ctime=1463207374.6428442, must_be_later_than=None, path=u'/etc/fstab'
2016-05-24 22:40:08,597 INFO Time is later than filter, st_mtime=1463207366.7432404, must_be_later_than=None, path=u'/etc/fstab'
2016-05-24 22:40:08,597 WARNING Unable to access path="/etc/blkid.tab", reason="[Errno 2] No such file or directory: '/etc/blkid.tab'"
2016-05-24 22:40:08,598 INFO Time is later than filter, st_ctime=1463208789.6171472, must_be_later_than=None, path=u'/etc/ltrace.conf'
2016-05-24 22:40:08,598 INFO Time is later than filter, st_mtime=1399679435.0, must_be_later_than=None, path=u'/etc/ltrace.conf'
2016-05-24 22:40:08,598 INFO Time is later than filter, st_ctime=1463207368.1632514, must_be_later_than=None, path=u'/etc/protocols'
2016-05-24 22:40:08,599 INFO Time is later than filter, st_mtime=1388401735.0, must_be_later_than=None, path=u'/etc/protocols'
2016-05-24 22:40:08,599 INFO Time is later than filter, st_ctime=1463209453.899217, must_be_later_than=None, path=u'/etc/lsb-release'
2016-05-24 22:40:08,599 INFO Time is later than filter, st_mtime=1455640151.0, must_be_later_than=None, path=u'/etc/lsb-release'
2016-05-24 22:40:08,599 INFO Time is later than filter, st_ctime=1463208858.1891472, must_be_later_than=None, path=u'/etc/screenrc'
2016-05-24 22:40:08,600 INFO Time is later than filter, st_mtime=1332278088.0, must_be_later_than=None, path=u'/etc/screenrc'
2016-05-24 22:40:08,600 INFO Time is later than filter, st_ctime=1463207368.1632514, must_be_later_than=None, path=u'/etc/rc.local'
2016-05-24 22:40:08,600 INFO Time is later than filter, st_mtime=1438751525.0, must_be_later_than=None, path=u'/etc/rc.local'
2016-05-24 22:40:08,601 INFO Time is later than filter, st_ctime=1463207368.1512513, must_be_later_than=None, path=u'/etc/locale.alias'
2016-05-24 22:40:08,601 INFO Time is later than filter, st_mtime=1281023834.0, must_be_later_than=None, path=u'/etc/locale.alias'
2016-05-24 22:40:08,601 ERROR Execution failed
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/file_meta_data/bin/file_info_app/modular_input.py", line 1320, in execute
    self.do_run(in_stream, log_exception_and_continue=True)
  File "/opt/splunk/etc/apps/file_meta_data/bin/file_info_app/modular_input.py", line 1220, in do_run
    input_config)
  File "/opt/splunk/etc/apps/file_meta_data/bin/file_meta_data.py", line 336, in run
    results, new_latest_time = self.get_files_data(file_path, logger=self.logger, latest_time=latest_time, must_be_later_than=must_be_later_than, file_hash_limit=file_hash_limit)
  File "/opt/splunk/etc/apps/file_meta_data/bin/file_meta_data.py", line 139, in get_files_data
    info, this_latest_time = cls.get_file_data(os.path.join(root, name), logger, latest_time_derived, must_be_later_than, file_hash_limit)
  File "/opt/splunk/etc/apps/file_meta_data/bin/file_meta_data.py", line 214, in get_file_data
    file_hash = cls.get_file_hash(file_path)
  File "/opt/splunk/etc/apps/file_meta_data/bin/file_meta_data.py", line 184, in get_file_hash
    if logger:
NameError: global name 'logger' is not defined
==> var/log/splunk/splunkd.log <==
05-24-2016 22:40:08.602 +0200 WARN ExecProcessor - Streaming XML data: Expected tag "event", instead received "error".
05-24-2016 22:40:08.602 +0200 WARN ExecProcessor - Streaming XML data: Expected tag "event", instead received "message".
My config:
[file_meta_data://etc]
file_hash_limit = 500MB
file_path = /etc
include_file_hash = 1
index = change_management
interval = 60
only_if_changed = 0
recurse = 1
sourcetype = linux_etc
disabled = 0
Version: Splunk 6.4.0 (build f2c836328108)
That's a bug. I'll fix that ASAP. See here for details: http://lukemurphey.net/issues/1354
This will be fixed in version 1.0.2.
Update:
I just released version 1.0.2. However, that error was masking some other exception. The new version should let you know why it is unable to compute the hash value for that file.
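The failure mode in the traceback and the masking described in this answer, as an added example that is not the app's own code: a hash helper that touches an undefined `logger` inside its error handler aborts the whole scan, while passing the logger in lets the scan record the reason and continue. The class names, `scan`, `demo`, the sample paths and the SHA-256 choice are assumptions.

```python
import hashlib
import logging
import os
import tempfile

class BuggyInput:
    @classmethod
    def get_file_hash(cls, file_path):
        try:
            with open(file_path, "rb") as handle:
                return hashlib.sha256(handle.read()).hexdigest()
        except (IOError, OSError):
            # 'logger' is neither a parameter nor a global: NameError hides the I/O error
            if logger:
                logger.warning("Unable to hash path=%s", file_path)


class FixedInput:
    @classmethod
    def get_file_hash(cls, file_path, logger=None, chunk_size=65536):
        digest = hashlib.sha256()  # hash algorithm is an assumption
        try:
            with open(file_path, "rb") as handle:
                for chunk in iter(lambda: handle.read(chunk_size), b""):
                    digest.update(chunk)
        except (IOError, OSError) as exc:
            if logger:
                logger.warning('Unable to hash path="%s", reason="%s"', file_path, exc)
            return None  # log the reason, keep scanning
        return digest.hexdigest()


def scan(hasher, paths, **kwargs):
    # Returns ({path: hash or None}, exception that aborted the scan or None)
    results = {}
    try:
        for path in paths:
            results[path] = hasher.get_file_hash(path, **kwargs)
    except NameError as exc:  # the bug ends the whole run
        return results, exc
    return results, None


def demo():
    workdir = tempfile.mkdtemp()
    good = os.path.join(workdir, "hosts")
    with open(good, "wb") as handle:
        handle.write(b"127.0.0.1 localhost\n")
    # Constructed input: one path that cannot be opened, then a readable file
    paths = [os.path.join(workdir, "missing.tab"), good]
    log = logging.getLogger("file_meta_data_example")
    return good, scan(BuggyInput, paths), scan(FixedInput, paths, logger=log)
```

The `u'...'` paths in the log indicate Python 2, where an exception raised inside an `except` block replaces the original one with no chaining, so the reason the file could not be hashed never reaches the log.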
I'm getting this message
INFO Time is later than filter, st_mtime=1384897295.045503, must_be_later_than=None, path='
With latest version. No other errors seen. Seems to scan the path once but then does not continue on schedule.
Can you check the following logs to see if you see something relevant?
index=_internal ExecProcessor "file_meta_data" sourcetype=splunkd
I'm also seeing the same message in _internal and no events in the latest version:
INFO Time is later than filter, st_mtime=1384897295.045503, must_be_later_than=None, path='
The main issue that the original user was reporting was the error message "NameError: global name 'logger' is not defined". Are you seeing that message too?
Different message. I will open another.
INFO Time is later than filter, st_mtime=1459251861.8578942, must_be_later_than=None
https://answers.splunk.com/answers/492137/after-installing-the-filedirectory-information-inp-2.html
This is still a problem, can you take a look please?