Is anyone able to get this to work? I've got the API set up and the app configured to use it on a heavy forwarder, but nothing happens. I don't get errors in the logs, or any logs generating for that matter either. Using Splunk 6.2.4 heavy forwarder in Linux with a distributed environment. Checked main and the index I assigned, as well as internal indexes for any logs; all contain no data from Nessus. I don't see any glaring indications Splunk is even accessing the API in the Nessus logs.
I put in a ticket as I have Splunk Enterprise, but my guess is they'll take weeks to get back; hoping someone from the community may have figured this out. Thanks in advance for any help.
What have you done from here? http://docs.splunk.com/Documentation/AddOns/latest/Nessus/Troubleshoot
What was the result?
That seemed to help, now modinfo is populating with hosts (all blank) and history_ids. Just waiting for something to show up in the index now.
There are no logs to troubleshoot, nothing is there. Also, the modinputs directory doesn't even exist:
cd var/lib/splunk/modinputs
bash: cd: var/lib/splunk/modinputs: No such file or directory
Below is my inputs.conf, keys and IPs obfuscated:
[nessus]
interval = 86400
url = https://192.168.1.1:8834
access_key = access_key_here
secret_key = secret_key_here
start_date = 1999/01/01
page_size = 1000
index = nessus
metric = nessus_scan
batch_size = 0
Your input stanza needs a name: [nessus://My-Nessus-Hosts-Import].
The modinputs folder only gets created once the input has actually run for a first time.
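The stanza problem identified in the answer above can be caught before deployment with a small lint over inputs.conf. This is an added example, not part of the original thread or of the Splunk add-on; the scheme list, function name and sample text are assumptions constructed from the stanza posted above.

```python
import re

# Assumption: modular input schemes to check; "nessus" is the one in this thread.
MODINPUT_SCHEMES = {"nessus"}

STANZA_RE = re.compile(r"^\[(?P<header>[^\]]*)\]\s*$")

def check_stanzas(conf_text, schemes=MODINPUT_SCHEMES):
    """Return (line_no, header, problem) for modular input stanzas without a name."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        match = STANZA_RE.match(line)
        if not match:
            continue  # key = value line, not a stanza header
        header = match.group("header").strip()
        scheme, sep, name = header.partition("://")
        if scheme not in schemes:
            continue  # built-in or unrelated stanza, e.g. [monitor:///var/log]
        if not sep:
            findings.append((line_no, header, "missing '://<name>'"))
        elif not name.strip():
            findings.append((line_no, header, "empty input name"))
    return findings

# Constructed samples: the stanza as posted, and as corrected in the answer.
SAMPLE_BROKEN = """# inputs.conf
[nessus]
interval = 86400
index = nessus
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("[nessus]", "[nessus://My-Nessus-Hosts-Import]")

if __name__ == "__main__":
    for label, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, check_stanzas(text) or "ok")
```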