Can't get Nessus data

pdoconnell
Path Finder

I am using the following configuration:

This results in the following errors:

10/29/15
11:07:15.842 AM

2015-10-29 11:07:15,842 ERROR pid=14247 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus.py", line 136, in get_nessus_modinput_configs
config.remove_expired_ckpt()
File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus_config.py", line 159, in remove_expired_ckpt
inputs)
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.841 AM

2015-10-29 11:07:15,841 ERROR pid=14247 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: 'NoneType' object is not iterable
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.703 AM

2015-10-29 11:07:15,703 INFO pid=14247 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.425 AM

2015-10-29 11:07:15,425 ERROR pid=14235 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus.py", line 136, in get_nessus_modinput_configs
config.remove_expired_ckpt()
File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus_config.py", line 159, in remove_expired_ckpt
inputs)
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.425 AM

2015-10-29 11:07:15,425 ERROR pid=14235 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: 'NoneType' object is not iterable
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
10/29/15
11:07:15.350 AM

2015-10-29 11:07:15,350 INFO pid=14235 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = HOSTNAME source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log

Anyone have any suggestion as to what I'm doing wrong?

0 Karma
1 Solution

ehaddad_splunk
Splunk Employee

Hi,

Seems like you have changed the add-on folder name to axe_sec_nessus_inputs, which might have broken the add-on REST API. Can you try to use the add-on with the default folder name and see if things go through successfully?

0 Karma

pdoconnell
Path Finder

That got most of the way. I now see data coming into index nessus, specifically sourcetype=nessus:plugin. Unfortunately, I do not seem to be getting any sourcetype=nessus:scan data.

Searching for index=internal sourcetype=ta:nessus:log again gets me the following data for the run today:
11/4/15
2:07:37.456 PM

2015-11-04 14:07:37,456 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://axe1util03p.anixter.com:8834/plugins/families/21, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1073, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 415, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 371, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 714, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 608, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:06:01.359 PM

2015-11-04 14:06:01,359 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://axe1util03p.anixter.com:8834/plugins/families/2, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1073, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 415, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 371, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 714, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 608, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:05:17.403 PM

2015-11-04 14:05:17,403 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://axe1util03p.anixter.com:8834/plugins/families/1, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1073, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 415, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 371, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 714, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 608, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:11.133 PM

2015-11-04 14:04:11,133 ERROR pid=5205 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py", line 147, in get_nessus_modinput_configs
input_conf = config.get_data_input(input_name)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_config.py", line 186, in get_data_input
check_conf_mgr_result(False, "Cannot get the encrypted keys.")
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_config.py", line 27, in check_conf_mgr_result
raise NessusConfigException(msg)
NessusConfigException: Cannot get the encrypted keys.
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:11.132 PM

2015-11-04 14:04:11,132 ERROR pid=5205 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: Cannot get the encrypted keys.
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:11.132 PM

2015-11-04 14:04:11,132 ERROR pid=5205 tid=MainThread file=nessus_config.py:check_conf_mgr_result:26 | Cannot get the encrypted keys.
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.981 PM

2015-11-04 14:04:10,981 INFO pid=5205 tid=MainThread file=nessus.py:get_nessus_modinput_configs:142 | Set loglevel to WARN
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.966 PM

2015-11-04 14:04:10,966 INFO pid=5201 tid=MainThread file=nessus.py:get_nessus_modinput_configs:142 | Set loglevel to WARN
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.710 PM

2015-11-04 14:04:10,710 INFO pid=5201 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:206 | Proxy username is empty. Try to delete the encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.710 PM

2015-11-04 14:04:10,710 INFO pid=5201 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:198 | Encrypt the proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.710 PM

2015-11-04 14:04:10,710 INFO pid=5201 tid=MainThread file=nessus_config.py:update_nessus_conf:66 | Update nessus.conf
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.709 PM

2015-11-04 14:04:10,709 INFO pid=5201 tid=MainThread file=nessus_config.py:get_nessus_conf:80 | Try to get encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM

2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:206 | Proxy username is empty. Try to delete the encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM

2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:198 | Encrypt the proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM

2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:update_nessus_conf:66 | Update nessus.conf
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM

2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:get_nessus_conf:80 | Try to get encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.335 PM

2015-11-04 14:04:10,335 INFO pid=5205 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:09.876 PM

2015-11-04 14:04:09,876 INFO pid=5201 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log

0 Karma

pdoconnell
Path Finder

Regenerating the API key after renaming the folder resolved the issue. Thank you for your suggestion!

0 Karma
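
A triage sketch for the ta_nessus.log symptoms seen in this thread, added here as an example (it is not code from the add-on or from either poster). It groups log lines by modular-input pid, flags tracebacks that run from an app folder other than the assumed default `Splunk_TA_nessus`, and labels the three failure messages quoted above; the label names, the sample lines and the host `nessus.example` are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the add-on's default folder name, as it appears in the later log paths.
EXPECTED_APP = "Splunk_TA_nessus"
EVENT = re.compile(r"^\d{4}-\d\d-\d\d [\d:,]+ (?:DEBUG|INFO|WARNING|ERROR) pid=(\d+) ")
APP_PATH = re.compile(r"/etc/apps/([^/]+)/bin/")
# Message fragments quoted in the thread, mapped to hypothetical triage labels.
SIGNATURES = {
    "'NoneType' object is not iterable": "config_load_failed",
    "Cannot get the encrypted keys": "stored_credentials_unreadable",
    "The read operation timed out": "nessus_api_read_timeout",
}

def triage(log_text, expected_app=EXPECTED_APP):
    """Group ta_nessus.log lines by modular-input pid and summarise each run."""
    runs = defaultdict(lambda: {"apps": set(), "failures": []})
    pid = None
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            pid = m.group(1)  # traceback lines carry no pid; they inherit this one
        if pid is None:
            continue
        run = runs[pid]
        run["apps"].update(APP_PATH.findall(line))
        for needle, label in SIGNATURES.items():
            if needle in line and label not in run["failures"]:
                run["failures"].append(label)
    return {
        p: {"unexpected_app_folders": sorted(r["apps"] - {expected_app}),
            "failures": r["failures"]}
        for p, r in runs.items()
    }

# Constructed sample in file order, modelled on the excerpts in the thread.
SAMPLE = """\
2015-10-29 11:07:15,703 INFO pid=14247 tid=MainThread file=nessus.py:main:260 | Start nessus TA
2015-10-29 11:07:15,841 ERROR pid=14247 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: 'NoneType' object is not iterable
2015-10-29 11:07:15,842 ERROR pid=14247 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
  File "/opt/splunk/etc/apps/axe_sec_nessus_inputs/bin/nessus.py", line 136, in get_nessus_modinput_configs
2015-11-04 14:04:11,132 ERROR pid=5205 tid=MainThread file=nessus_config.py:check_conf_mgr_result:26 | Cannot get the encrypted keys.
2015-11-04 14:05:17,403 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://nessus.example:8834/plugins/families/1, reason=Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
SSLError: ('The read operation timed out',)
"""

if __name__ == "__main__":
    for pid, summary in triage(SAMPLE).items():
        print(pid, summary)
```

Continuation lines are attributed to the most recent pid, so two processes writing tracebacks at the same instant can be mixed up; read the per-pid summary as a pointer to the raw events, not a replacement for them.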