All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Increase Timeout for Querying Nessus Scan Data

blangrill
Explorer
‎01-07-2019 11:34 AM

I have Splunk configured to pull data from a Nessus Professional instance and for the most part it works fine but I noticed several recent scan reports weren't showing up. After some investigating, there were errors like the following during each pull attempt (every 12 hours):

2019-01-07 07:44:06,351 ERROR pid=9520 tid=MainThread file=nessus_rest_client.py:request:100 | Failed to connect https://<splunk server>/scans/166, reason=Traceback (most recent call last):
  File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\nessus_rest_client.py", line 80, in request
    headers=headers)
  File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1593, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1335, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1291, in _conn_request
    response = conn.getresponse()
  File "E:\splunk\Python-2.7\Lib\httplib.py", line 1121, in getresponse
    response.begin()
  File "E:\splunk\Python-2.7\Lib\httplib.py", line 438, in begin
    version, status, reason = self._read_status()
  File "E:\splunk\Python-2.7\Lib\httplib.py", line 394, in _read_status
    line = self.fp.readline(_MAXLINE + 1)
  File "E:\splunk\Python-2.7\Lib\socket.py", line 480, in readline
    data = self._sock.recv(self._rbufsize)
  File "E:\splunk\Python-2.7\Lib\ssl.py", line 772, in recv
    return self.read(buflen)
  File "E:\splunk\Python-2.7\Lib\ssl.py", line 659, in read
    v = self._sslobj.read(len)
SSLError: ('The read operation timed out',)

I noted that over the past few weeks the same scan numbers were showing up repeatedly and checking in Nessus, these are indeed the missing scan reports. These happen to be the largest scan results so I suspect the time out is just that the Nessus server isn't responding fast enough and the Splunk app closes the connection.

Is there a way to increase the read timeout for this situation?

0 Karma
Reply

jagdish_rai
Explorer
‎01-20-2020 01:16 AM

I'm getting the same error while pulling the data from SNOW.Is there any way to fix it ?

error :-

2020-01-20 10:01:48,435 ERROR pid=124003 tid=Thread-1 file=snow_data_loader.py:do_collect:177 | Failure occurred while connecting to https://roche.service-now.com/api/now/table/incident?sysparm_display_value=all&sysparm_limit=1000&sy.... The reason for failure=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/snow_data_loader.py", line 169, in _do_collect
"Authorization": "Basic %s" % credentials
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/Splunk_TA_snow/httplib2_helper/httplib2_py2/httplib2/init.py", line 2135, in request
cachekey,
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/Splunk_TA_snow/httplib2_helper/httplib2_py2/httplib2/init.py", line 1796, in _request
conn, request_uri, method, body, headers
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/Splunk_TA_snow/httplib2_helper/httplib2_py2/httplib2/init_.py", line 1737, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1137, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 448, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 404, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 480, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 772, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 659, in read
v = self._sslobj.read(len)
SSLError: ('The read operation timed out',)

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎01-20-2020 04:32 AM

This question is over a year old with no activity. You may get a response by posting a new question.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...