When running nessus2splunkjson.sh, I get a successful connection to my Nessus system. The scans get processed, but then the script crashes out with an error:
  File "nessus2splunkjson.py", line 310, in <module>
    with open(filename, 'a') as outfilewhen:
IOError: [Errno 2] No such file or directory: '/splunk/etc/apps/TA-nessus_json/drop/sid_108_name web audit of http://"systemname";
I have changed the name to protect internal server names. The only change I made to the script was to change the default splunk install location from /opt to /splunk. I have tried running it with my default Python 2.6.6 and also with an altinstall of 2.7.10
Nothing gets generated in the drop directory, but there are lots of json files generated for the scans in the pickup directory. The file and directory permissions look fine, and I have tried running as splunk and root...
Any help much appreciated!
@rveal, I have been doing some testing and it appears the spaces are OK; the "/" characters are what it does not like... Did you get rid of the "//" after "http:"? If that's the case, then this is the reason it worked. That is, the removal of the "//". Can you confirm this and correctly mark this as the answer if so?
Thanks
I have given the easiest scan name with special character/digits/spaces in scan name 'TEST' but it still gives the same error:
Traceback (most recent call last):
  File "./nessus2splunkjson.py", line 313, in <module>
    with open(filename, 'a') as outfile:
IOError: [Errno 2] No such file or directory: '/opt/splunk/etc/apps/TA-nessus_json/drop/sid_146_name_TEST_hid_162.json'
For version 1.3 of the Nessus data importer, scan names with spaces are not compatible. Rename the scan or rerun under a different (non-space) name.
Sorry you're having this issue.
In the file nessus2splunkjson.py, look at lines 33 and 34: are your "dropdir" and "pickupdir" correct, and do they match your environment?
- Also, can you paste lines 310-315 from your nessus2splunkjson.py?
- Are you running the latest version, 1.3?
Taking a guess here, but it can also be the spaces in your scan name, if your scan(s) have spaces the same way your example does. If this is the case, please be sure to let me know... I'll test it out as well.
Drop and pickup dirs are fine - they were the only thing I changed I believe (other than adding credentials etc.)
I attempted to import a scan without any spaces or underscores in the scan name and the script executed without any errors. There is a json file for the scan in the pickup directory.
On further inspection I have noticed that the default/inputs.conf file also has /opt/splunk set as the default for pickups directory so I have edited this too and hopefully this scan will get indexed.
Below are the code lines you requested:
    with open(filename, 'a') as outfile:
        json.dump(d, outfile)
    sys.stdout.write("\rHost {0} of {1}".format(count, hostlen))
    #drop file, do some logging
    pickupfile = '{0}/sid_{1}_name_{2}_hid_{3}.json'.format(pickupdir,s,n,hid)
OK, great (kind of). I would recommend you change the scan name to one without spaces if you want it immediately. I'll note this and see if it's something I can work on for future versions, that is, "importing scan names with spaces".
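
The failure discussed in this thread, as an added example that is not part of the original posts or the app's own code: a scan name containing "/" is formatted straight into the output path, so open() looks for directories that do not exist. The sketch below sanitizes each name part before building the path and checks that the result stays inside the drop directory. The function names, the sample scan name and the use of Python 3 are assumptions; the filename pattern follows the pickupfile line quoted above.

```python
import os
import re
import tempfile

# Anything outside this set is replaced, so "/" and spaces never reach open().
_UNSAFE = re.compile(r'[^A-Za-z0-9._-]+')


def safe_component(value):
    """Reduce an untrusted string (e.g. a scan name) to one path component."""
    cleaned = _UNSAFE.sub('_', str(value)).strip('._')
    return cleaned or 'unnamed'


def unsanitized_path(dropdir, sid, name, hid):
    """Same format string as the pickupfile line quoted in the thread."""
    return '{0}/sid_{1}_name_{2}_hid_{3}.json'.format(dropdir, sid, name, hid)


def build_drop_path(dropdir, sid, name, hid):
    """Build the output path from sanitized parts and confirm its directory."""
    fname = 'sid_{0}_name_{1}_hid_{2}.json'.format(
        safe_component(sid), safe_component(name), safe_component(hid))
    base = os.path.realpath(dropdir)
    path = os.path.realpath(os.path.join(base, fname))
    if os.path.dirname(path) != base:  # defence in depth against traversal
        raise ValueError('path escapes drop directory: %r' % path)
    return path


def demo():
    """Return (errno from the raw name, True if the sanitized write worked)."""
    dropdir = tempfile.mkdtemp()
    name = 'web audit of http://host.example'  # constructed sample scan name
    try:
        open(unsanitized_path(dropdir, 108, name, 5), 'a').close()
        raw_errno = 0
    except (IOError, OSError) as exc:
        raw_errno = exc.errno  # "/" makes open() look for missing directories
    good = build_drop_path(dropdir, 108, name, 5)
    with open(good, 'a') as outfile:
        outfile.write('{}')
    return raw_errno, os.path.isfile(good)


if __name__ == '__main__':
    print(demo())
```

Because the scan name comes from the scanner rather than from the script, treating it as untrusted input also keeps a name such as "../x" from placing files outside the drop directory.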