
Error in script sophos_alerts.py for Sophos Central app

pbalsley
Path Finder

I just installed your app version 1.0.2.
Very cool by the way!

I noticed that I was not getting my alert logs. I found that in Line #2 of bin/sophos_alerts.py there was a missing "i" for import.

Also had to remove the reference to 'name' in the print line #87.
FYI.

I also noticed on the first run the cursor is set to empty
cursor="" #set the cursor to empty

The default is then pulling data 24 hours in the past. So my logs were never in real time, but a day ago.
Should this be updated to send the "from_date" option the first time? Unless the logs will slowly catch up to real time? I didn't wait long enough to find out. 🙂

Thanks!
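
The first-run question raised in the post above, as an added example that is not part of the original thread or the app's own code: send "from_date" only when no cursor has been saved, then page with the cursor and checkpoint it after each page has been emitted. The function names, the checkpoint file, the response fields "items", "next_cursor" and "has_more", and "from_date" being a Unix timestamp in seconds are assumptions.

```python
import json
import os
import time


def load_cursor(path):
    """Return the saved cursor, or "" on the first run or a corrupt checkpoint."""
    try:
        with open(path) as fh:
            return json.load(fh).get("cursor", "")
    except (FileNotFoundError, ValueError):
        return ""


def save_cursor(path, cursor):
    """Write the checkpoint atomically so a crash cannot leave it truncated."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        json.dump({"cursor": cursor}, fh)
    os.replace(tmp, path)


def build_params(cursor, now=None, lookback_seconds=300, limit=1000):
    """Send the cursor when one is saved; otherwise send from_date (first run)."""
    params = {"limit": limit}
    if cursor:
        params["cursor"] = cursor
    else:
        now = int(time.time()) if now is None else int(now)
        # Assumption: from_date is a Unix timestamp in seconds.
        params["from_date"] = now - lookback_seconds
    return params


def poll(fetch, emit, checkpoint_path, now=None, lookback_seconds=300):
    """Page through alerts; return how many events were emitted.

    fetch(params) is a caller-supplied function returning a dict with
    "items", "next_cursor" and "has_more" (assumed response shape).
    """
    cursor = load_cursor(checkpoint_path)
    total = 0
    while True:
        page = fetch(build_params(cursor, now, lookback_seconds))
        emit(page["items"])  # hand events on first ...
        cursor = page["next_cursor"]
        save_cursor(checkpoint_path, cursor)  # ... then advance the checkpoint
        total += len(page["items"])
        if not page["has_more"]:
            return total
```

A larger lookback_seconds picks up alerts raised before the first run, at the cost of a longer catch-up before the feed is current.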

nickhills
Ultra Champion

Thank you for your comments on this - I will look to update this and drop a new version with the typo correction shortly!

If my comment helps, please give it a thumbs up!
0 Karma

salbro
Path Finder

Thanks for the catch, I'm updating those lines as well. What did you do to fix the time bug with the cursor set?

0 Karma

pbalsley
Path Finder

Great. For the cursor, depending on how many logs you have, it will auto catch up. It may take a day or two, but then all is good.

0 Karma

jaredburr
New Member

I keep getting a connection refused when Splunk tries to run the python scripts, but it connects fine when I run it manually. Any ideas?

0 Karma