Qualys Technology Add-on (TA) for Splunk: How to debug error "Unable to initialize modular input "qualys" defined in app TA-QualysCloudPlatform"?

JeroenDenBoer
Explorer

We have a set of new build servers (Windows) with Splunk v 6.4.1. All data input goes via a separate heavy forwarder to the indexers.

When I install the latest TA-QualysCloudPlatform (on the HF) and try to start the thing, I get the message:

Unable to initialize modular input "qualys" defined inside the app "TA-QualysCloudPlatform": Introspecting scheme=qualys: script running failed (exited with code 1). 

According to the answers about similar issues (but with other apps), there has to be a path to Java, which I've set. I see no Java calls in the Python scripts in \etc\apps\TA-QualysCloudPlatform\bin (as far as I can judge).

I want to debug this thing to see what might cause this error, but have no clue how to debug this.

The Java version used is Java SE Runtime 1.8.0-91.

Anybody have any clue?

Update:
The app seems to be Linux only.
When running one of the Python scripts directly I get the error "ImportError: No module named fcntl".
Searching on an older installation (Linux based) -> fcntl seems to be a library in the Linux Python 2.7 installation.
Found a Windows lookalike, which worked fine for manually running the qualys.py script to see the schema, but in the end it didn't work: the web interface crashed at startup.

To be continued.

Update: solved the issue by installing a Linux server.

0 Karma
1 Solution

prabhasgupte
Communicator

Hi,

Just to make it clear, the Qualys TA officially supports only Linux and Mac OS. If you look at the code, there are a handful of places where Linux-specific paths are used, and that could be one of the reasons why execution fails. Modules imported could also be another reason.

If you do not have a specific requirement of hosting Splunk on Windows, can you try having a Linux/Mac setup?

0 Karma
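
Added example (not part of the thread and not code from the TA): a pre-flight check that lists, for each script in an app's bin directory, the imports the current interpreter cannot resolve on this OS, which is how a missing `fcntl` on Windows would show up before Splunk reports "exited with code 1". It assumes a Python 3 interpreter on the host, so results reflect that interpreter rather than Splunk's bundled one; `missing_modules`, `demo` and the sample file names are hypothetical.

```python
import ast, importlib.util, os, re, sys, tempfile

# Approximate fallback for sources this interpreter cannot parse (e.g. Python 2 syntax).
IMPORT_RE = re.compile(r"^[ \t]*(?:import|from)[ \t]+([A-Za-z_]\w*)", re.M)

def top_level_imports(source):
    """Return the top-level module names a script imports."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return set(IMPORT_RE.findall(source))
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.level == 0 and node.module:
            names.add(node.module.split(".")[0])
    return names

def resolvable(name):
    """True if this interpreter on this OS can locate the module."""
    try:
        return importlib.util.find_spec(name) is not None
    except (ImportError, ValueError):
        return False

def missing_modules(bin_dir):
    """Map each .py file in bin_dir to the imports that cannot be resolved."""
    local = {os.path.splitext(f)[0] for f in os.listdir(bin_dir)}  # sibling files/packages
    report = {}
    for fname in sorted(f for f in os.listdir(bin_dir) if f.endswith(".py")):
        with open(os.path.join(bin_dir, fname), encoding="utf-8", errors="replace") as fh:
            wanted = top_level_imports(fh.read())
        missing = sorted(m for m in wanted if m not in local and not resolvable(m))
        if missing:
            report[fname] = missing
    return report

def demo():
    """Run the check on a constructed two-file directory (not the TA's real code)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "helper.py"), "w") as fh:
            fh.write("import os\n")
        with open(os.path.join(d, "input.py"), "w") as fh:
            fh.write("import sys, helper\nimport constructed_missing_mod\nprint 'py2'\n")
        return missing_modules(d)

if __name__ == "__main__":
    print(missing_modules(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Pass the app's bin directory as the first argument to check a real installation; with no argument it runs on the constructed sample.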

asdi32
Observer

Hello!

It seems 6 years have gone by and we still don't have an official stand from Qualys, which to me is mind-blowing; they have the scale, resources and responsibility to make this work.

Anyways... Do you know of any workaround that has come lately related to this?

Thank you!

0 Karma