
Nessus Data Importer: Why am I getting error "No such file or directory..." when running nessus2splunkjson.sh?

rveal
Explorer

When running nessus2splunkjson.sh, I get a successful connection to my Nessus system. The scans get processed, but then the script crashes out with an error:

File "nessus2splunkjson.py", line 310, in <module>
with open(filename, 'a') as outfilewhen:
IOError: [Errno 2] No such file or directory: '/splunk/etc/apps/TA-nessus_json/drop/sid_108_name web audit of http://"systemname";

I have changed the name to protect internal server names. The only change I made to the script was to change the default splunk install location from /opt to /splunk. I have tried running it with my default Python 2.6.6 and also with an altinstall of 2.7.10.

Nothing gets generated in the drop directory, but there are lots of json files generated for the scans in the pickup directory. The file and directory permissions look fine, and I have tried running as splunk and root...

Any help much appreciated!


amorgado
Path Finder

@rveal, I have been doing some testing and it appears the spaces are OK; the "/" characters are what it does not like... Did you get rid of the "//" after "http:"? If that's the case then this is the reason it worked. That is, the removal of the "//". Can you confirm this and correctly mark this as the answer if so?

thanks
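
The failure described in this answer, reproduced and avoided, as an added example that is not code from the Nessus Data Importer app: a "/" in the scan name makes `open()` look for a subdirectory that does not exist. The helpers `safe_component` and `build_outfile` and the scan name are hypothetical; only the `sid_..._name_..._hid_....json` pattern comes from the thread.

```python
import os
import re
import shutil
import tempfile

# Anything outside this set (including "/", ":" and spaces) becomes "_".
_UNSAFE = re.compile(r'[^A-Za-z0-9._-]+')

def safe_component(name, max_len=100):
    """Reduce a scan name to one path component (hypothetical helper)."""
    cleaned = _UNSAFE.sub('_', name).strip('._')
    return cleaned[:max_len] or 'unnamed'

def build_outfile(dropdir, sid, scan_name, hid):
    """Build sid_<sid>_name_<name>_hid_<hid>.json directly under dropdir."""
    fname = 'sid_{0}_name_{1}_hid_{2}.json'.format(
        sid, safe_component(scan_name), hid)
    base = os.path.realpath(dropdir)
    path = os.path.realpath(os.path.join(base, fname))
    # Defence in depth: the file must sit directly in the drop directory.
    if os.path.dirname(path) != base:
        raise ValueError('path escapes drop dir: {0!r}'.format(path))
    return path

def demo():
    """Return (errno from the unsanitized open, sanitized file name)."""
    dropdir = tempfile.mkdtemp()
    scan = 'web audit of http://host.example'  # constructed scan name
    try:
        raw = '{0}/sid_{1}_name_{2}_hid_{3}.json'.format(dropdir, 108, scan, 5)
        try:
            open(raw, 'a').close()
            raw_errno = None
        except (IOError, OSError) as exc:
            # "/" in the name makes open() look for a missing subdirectory.
            raw_errno = exc.errno
        safe = build_outfile(dropdir, 108, scan, 5)
        with open(safe, 'a') as outfile:
            outfile.write('{}')
        return raw_errno, os.path.basename(safe)
    finally:
        shutil.rmtree(dropdir)

if __name__ == '__main__':
    print(demo())
```

The same sanitizing step also keeps a scan name containing `../` from steering the output file outside the drop directory.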


IshanGirdhar
New Member

I have given the easiest scan name with special character/digits/spaces in scan name 'TEST' but it still gives the same error:

Traceback (most recent call last):

  File "./nessus2splunkjson.py", line 313, in <module>
    with open(filename, 'a') as outfile:
IOError: [Errno 2] No such file or directory: '/opt/splunk/etc/apps/TA-nessus_json/drop/sid_146_name_TEST_hid_162.json'

amorgado
Path Finder

For version 1.3 of Nessus Data Importer, scan names with spaces are not compatible. Rename the scan or rerun under a different (non-space) name.

amorgado
Path Finder

Sorry you're having this issue.
In the file nessus2splunkjson.py,

look at lines 33 and 34: are your "dropdir" and "pickupdir" correct, and do they match your environment?

- Also, can you paste lines 310-315 from your nessus2splunkjson.py?
- Are you running the latest version, 1.3?


amorgado
Path Finder

Taking a guess here, but it can also be the spaces in your scan name, if your scan(s) have spaces the same way your example does... If this is the case please be sure to let me know... I'll test it out as well.


rveal
Explorer

Drop and pickup dirs are fine - they were the only thing I changed I believe (other than adding credentials etc.)

I attempted to import a scan without any spaces or underscores in the scan name and the script executed without any errors. There is a json file for the scan in the pickup directory.

On further inspection I have noticed that the default/inputs.conf file also has /opt/splunk set as the default for pickups directory so I have edited this too and hopefully this scan will get indexed.

Below are the code lines you requested:

                                        with open(filename, 'a') as outfile:
                                            json.dump(d, outfile)
                                            sys.stdout.write("\rHost {0} of {1}".format(count, hostlen))
                #drop file, do some logging
                pickupfile = '{0}/sid_{1}_name_{2}_hid_{3}.json'.format(pickupdir,s,n,hid)

amorgado
Path Finder

OK, great (kind of). I would recommend you change the scan name to non-spaces if you want it immediately. I'll note this and see if it's something I can work on for future versions... that is, "importing scan names with spaces".
