Nessus 6 support not working in version 4

JSkier
Communicator

Is anyone able to get this to work? I've got the API set up and the app configured to use it on a heavy forwarder, but nothing happens. I don't get errors in the logs, or any logs generating for that matter either. Using a Splunk 6.2.4 heavy forwarder in Linux with a distributed environment. Checked main and the index I assigned, as well as internal indexes for any logs; all contain no data from Nessus. I don't see any glaring indications Splunk is even accessing the API in the Nessus logs.

I put in a ticket as I have Splunk Enterprise, but my guess is they'll take weeks to get back. Hoping someone from the community may have figured this out. Thanks in advance for any help.

0 Karma

jcoates_splunk
Splunk Employee

What have you done from here? http://docs.splunk.com/Documentation/AddOns/latest/Nessus/Troubleshoot

What was the result?

JSkier
Communicator

That seemed to help; now modinfo is populating with hosts (all blank) and history_ids. Just waiting for something to show up in the index now.

0 Karma

JSkier
Communicator

There are no logs to troubleshoot, nothing is there. Also, the modinputs directory doesn't even exist:

cd var/lib/splunk/modinputs
bash: cd: var/lib/splunk/modinputs: No such file or directory

Below is my inputs.conf, keys and IPs obfuscated:
[nessus]
interval = 86400
url = https://192.168.1.1:8834
access_key = access_key_here
secret_key = secret_key_here
start_date = 1999/01/01
page_size = 1000
index = nessus
metric = nessus_scan
batch_size = 0

0 Karma

evandervalk
Engager

Your input stanza needs a name: [nessus://My-Nessus-Hosts-Import].
The modinputs folder only gets created once the input has actually run for a first time.

0 Karma
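
A pre-deployment check for the problem identified in the reply above, added here as an example (it is not code from the thread or from the Splunk add-on): it scans inputs.conf text and flags a stanza header that is only the scheme, such as `[nessus]`, instead of the `nessus://<name>` form. The function name, the scheme set, the message constants and the sample config are assumptions made for illustration.

```python
import re

# Assumption: the schemes to check. "nessus" is the one discussed in this thread.
MODULAR_SCHEMES = {"nessus"}

MSG_NO_NAME = "stanza needs a name, e.g. [<scheme>://<name>]"
MSG_EMPTY_NAME = "name after :// is empty"

STANZA_RE = re.compile(r"^\[(?P<header>[^\]]*)\]\s*$")


def lint_inputs_conf(text, schemes=MODULAR_SCHEMES):
    """Return (line_number, header, problem) for each stanza of a listed
    scheme that lacks the name the reply above says is required."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        match = STANZA_RE.match(line)
        if not match:
            continue  # key = value line, not a stanza header
        header = match.group("header").strip()
        scheme, sep, name = header.partition("://")
        if scheme not in schemes:
            continue  # other input types ([default], monitor://, ...) are out of scope
        if not sep:
            findings.append((lineno, header, MSG_NO_NAME))
        elif not name.strip():
            findings.append((lineno, header, MSG_EMPTY_NAME))
    return findings


# Constructed sample: the stanza header from the question, then the form from the answer.
SAMPLE = """\
[nessus]
interval = 86400
index = nessus

[nessus://My-Nessus-Hosts-Import]
interval = 86400
index = nessus
"""

if __name__ == "__main__":
    for lineno, header, problem in lint_inputs_conf(SAMPLE):
        print(f"inputs.conf:{lineno}: [{header}] {problem}")
```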