I am using the following configuration:
This results in the following errors:
10/29/15
11:07:15.842 AM
2015-10-29 11:07:15,842 ERROR pid=14247 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus.py", line 136, in get_nessus_modinput_configs
config.remove_expired_ckpt()
File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus_config.py", line 159, in remove_expired_ckpt
inputs)
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.841 AM
2015-10-29 11:07:15,841 ERROR pid=14247 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: 'NoneType' object is not iterable
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.703 AM
2015-10-29 11:07:15,703 INFO pid=14247 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.425 AM
2015-10-29 11:07:15,425 ERROR pid=14235 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus.py", line 136, in get_nessus_modinput_configs
config.remove_expired_ckpt()
File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus_config.py", line 159, in remove_expired_ckpt
inputs)
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.425 AM
2015-10-29 11:07:15,425 ERROR pid=14235 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: 'NoneType' object is not iterable
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.350 AM
2015-10-29 11:07:15,350 INFO pid=14235 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
Anyone have any suggestion as to what I'm doing wrong?
Hi,
It seems like you have changed the add-on folder name to axe_sec_nessus_inputs, which might have broken the add-on REST API. Can you try to use the add-on with the default folder name and see if things go through successfully?
That got most of the way. I now see data coming into index nessus, specifically sourcetype=nessus:plugin. Unfortunately, I do not seem to be getting any sourcetype=nessus:scan data.
Searching for index=internal sourcetype=ta:nessus:log again gets me the following data for the run today:
11/4/15
2:07:37.456 PM
2015-11-04 14:07:37,456 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://axe1util03p.anixter.com:8834/plugins/families/21, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1073, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 415, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 371, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 714, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 608, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:06:01.359 PM
2015-11-04 14:06:01,359 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://axe1util03p.anixter.com:8834/plugins/families/2, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1073, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 415, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 371, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 714, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 608, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:05:17.403 PM
2015-11-04 14:05:17,403 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://axe1util03p.anixter.com:8834/plugins/families/1, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1073, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 415, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 371, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 714, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 608, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:11.133 PM
2015-11-04 14:04:11,133 ERROR pid=5205 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py", line 147, in get_nessus_modinput_configs
input_conf = config.get_data_input(input_name)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_config.py", line 186, in get_data_input
check_conf_mgr_result(False, "Cannot get the encrypted keys.")
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_config.py", line 27, in check_conf_mgr_result
raise NessusConfigException(msg)
NessusConfigException: Cannot get the encrypted keys.
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:11.132 PM
2015-11-04 14:04:11,132 ERROR pid=5205 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: Cannot get the encrypted keys.
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:11.132 PM
2015-11-04 14:04:11,132 ERROR pid=5205 tid=MainThread file=nessus_config.py:check_conf_mgr_result:26 | Cannot get the encrypted keys.
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.981 PM
2015-11-04 14:04:10,981 INFO pid=5205 tid=MainThread file=nessus.py:get_nessus_modinput_configs:142 | Set loglevel to WARN
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.966 PM
2015-11-04 14:04:10,966 INFO pid=5201 tid=MainThread file=nessus.py:get_nessus_modinput_configs:142 | Set loglevel to WARN
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.710 PM
2015-11-04 14:04:10,710 INFO pid=5201 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:206 | Proxy username is empty. Try to delete the encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.710 PM
2015-11-04 14:04:10,710 INFO pid=5201 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:198 | Encrypt the proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.710 PM
2015-11-04 14:04:10,710 INFO pid=5201 tid=MainThread file=nessus_config.py:update_nessus_conf:66 | Update nessus.conf
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.709 PM
2015-11-04 14:04:10,709 INFO pid=5201 tid=MainThread file=nessus_config.py:get_nessus_conf:80 | Try to get encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM
2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:206 | Proxy username is empty. Try to delete the encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM
2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:198 | Encrypt the proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM
2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:update_nessus_conf:66 | Update nessus.conf
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM
2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:get_nessus_conf:80 | Try to get encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.335 PM
2015-11-04 14:04:10,335 INFO pid=5205 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:09.876 PM
2015-11-04 14:04:09,876 INFO pid=5201 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
Regenerating the API key after renaming the folder resolved the issue. Thank you for your suggestion!
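A triage sketch for the ta_nessus.log events pasted in this thread, added here as an example (not code from the add-on or from the posters): it attaches traceback lines to their log record and counts the three failure signatures seen above. The function names, category labels and the nessus.example.com host are assumptions, and the sample log is constructed from the thread's lines.

```python
import re
from collections import Counter

# Record layout seen in the thread: "<ts> LEVEL pid=N tid=T file=f:func:line | msg"
RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+) "
    r"pid=(?P<pid>\d+) tid=\S+ file=(?P<file>\S+) \| (?P<msg>.*)$")
APP_DIR = re.compile(r"/etc/apps/([^/]+)/bin/")
DEFAULT_APP = "Splunk_TA_nessus"  # folder name in the thread's later tracebacks

# Constructed sample modelled on the thread's events; the host is a placeholder.
SAMPLE = """\
2015-10-29 11:07:15,841 ERROR pid=14247 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: 'NoneType' object is not iterable
2015-10-29 11:07:15,842 ERROR pid=14247 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
  File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus.py", line 136, in get_nessus_modinput_configs
2015-11-04 14:04:10,335 INFO pid=5205 tid=MainThread file=nessus.py:main:260 | Start nessus TA
2015-11-04 14:04:11,132 ERROR pid=5205 tid=MainThread file=nessus_config.py:check_conf_mgr_result:26 | Cannot get the encrypted keys.
2015-11-04 14:05:17,403 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://nessus.example.com:8834/plugins/families/1, reason=Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
SSLError: ('The read operation timed out',)
"""

def parse(text):
    """Attach continuation lines (traceback frames) to the record they follow."""
    events = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            events.append(dict(m.groupdict(), body=[]))
        elif events and line.strip():
            events[-1]["body"].append(line.strip())
    return events

def triage(text):
    """Count ERROR events per failure signature discussed in the thread."""
    found = Counter()
    for ev in parse(text):
        if ev["level"] != "ERROR":
            continue
        full = "\n".join([ev["msg"]] + ev["body"])
        for app in set(APP_DIR.findall(full)) - {DEFAULT_APP}:
            found["non-default app folder: " + app] += 1
        if "Cannot get the encrypted keys" in full:
            found["encrypted keys unreadable"] += 1
        if "read operation timed out" in full:
            found["REST read timed out"] += 1
    return dict(found)

if __name__ == "__main__":
    print(sorted(triage(SAMPLE).items()))
```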