All Apps and Add-ons

Errors running Qualys TA


I'm seeing two different errors with the Qualys TA. When I try and setup the app, I see the following:

Encountered the following error while trying to update: Error while posting to url=/servicesNS/nobody/TA-QualysCloudPlatform/qualys/qualys_configure/setupentity

When I look in the qualys.conf, I can see the password in clear text rather than being encrypted...

I'm also seeing this error message when running the TA on a search head cluster:

TA-QualysCloudPlatform: 2018-07-20 18:19:05 PID=23510 [MainThread] ERROR: TA-QualysCloudPlatform - This setup is configured as Search Head. You should not run %s on Search Head. I am Exiting.

Why can't the TA run on a search head? That makes no sense considering that all of the searches in the Qualys app depend on the knowledge base lookup table. Do I have to run this on a separate box, have it input the knowledge base and then summary index the results so the search heads can build the KB?

0 Karma

Path Finder

My solution to this problem was to comment out lines 89-91 of in the bin directory in the Add-on. This (bad) code checks to see if it is running on a search head and skips the work that we want done.

It would be nice if Qualys fixed the code with a ", input_name" before the closing parenthesis in line 90 so that %s gets filled in, but they can't even find the time to respond to your question. And we're commenting it out anyway. 🙂

For reference, the code to be removed is:

if server_info and server_info.is_search_head() and input_name != "qualys://knowledge_base":
    qlogger.error("This setup is configured as Search Head. You should not run %s on Search Head. I am Exiting.")

I hope this helps.

Path Finder

The below document will help you to configure Qualys

0 Karma

Path Finder

I downvoted this post because it does not address the question at all.

0 Karma
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...