Hi, I have a configuration problem with Splunk_TA_nessus and Splunk, and running in debug gives me the following:
    Checking filesystem compatibility... Done
    Checking conf files for problems...
    Invalid key in stanza [default] in /root/splunk/etc/apps/Splunk_TA_nessus/local/inputs.conf, line 1: srcdir (value: /root/splunk/etc/apps/Splunk_TA_nessus/spool/)
    Invalid key in stanza [default] in /root/splunk/etc/apps/Splunk_TA_nessus/local/inputs.conf, line 2: tgtdir (value: $SPLUNK_HOME/var/spool/splunk)
    Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
    Done
Looking at the inputs.conf of this app, it says:
    ## EXAMPLE Nessus scripted input using user-defined directories, full paths
    #
    # Purpose:
    #
    # Converts .nessus format files (v1 or v2) to a Splunk-indexable format,
    # using the following directories as source and target:
    #
    # srcdir = /opt/nessus/incoming
    # tgtdir = /opt/nessus/parsed
    #
    # WARNING: This is only an example.
    #
    # To utilize this input as shown, a Splunk "monitor" stanza would also need
    # to be configured to index parsed output files from the custom directory
    # The configuration of the "monitor" stanza would need to be similar to
    # the configuration used for the default Splunk spool directory.
    # For instance:
    #
    # [batch://<path_to_custom_spool_directory>]
    # move_policy = sinkhole
    # crcSalt = <SOURCE>
This means either do not use tgtdir but set up a Splunk input monitor like in the [batch: ...] example, or use the scripted input like this:
    [script://./bin/nessus2splunk.py -s /opt/nessus/incoming -t /opt/nessus/parsed]
    disabled = false
    interval = 120
    index = _internal
    source = nessus2splunk
    sourcetype = nessus2splunk
-s is the source path and -t is the target path for the script. The target path will be monitored in Splunk.
Hope this helps to get you started ...
The Add-on will not provide any view, it 'only' provides the inputs and CIM-compatible knowledge to use Nessus data with other Splunk apps, such as Splunk App for Enterprise Security and Splunk App for PCI Compliance.