I've tried installing the QualysGuard app in Splunk 4.3.1 and 4.3.2 and I keep getting syntax errors such as the following at startup:
Error while parsing '/opt/splunk/etc/apps/QualysGuard/default/data/ui/views/PaxHeader/vuln_kb.xml':
syntax error: line 1, column 0
Error while parsing '/opt/splunk/etc/apps/QualysGuard/default/data/ui/views/PaxHeader/overview.xml':
syntax error: line 1, column 0
All of the PaxHeader XML files look something like this:
17 uid=223919950
20 ctime=1330543946
20 atime=1330543946
24 SCHILY.dev=234881026
23 SCHILY.ino=18306079
18 SCHILY.nlink=1
What do I need to do to get rid of those errors messages?
You can just delete all the PaxHeader folders in the QualysGuard app folder ($SPLUNK_HOME/etc/apps/QualysGuard). These folders are not used by Splunk, and once you delete them, the error message should disappear. I assume you are running on Windows? If yes, then you have to edit inputs.conf ($SPLUNK_HOME/etc/apps/QualysGuard/default/inputs.conf) to use the Windows settings, and edit config.ini to use your username and password for QualysGuard API server.
i do not have any PaxHeader folder beside; appserver, bin, default, local, log,and metadata. your thoughts?
i download and installed "Sideview Utils" and its not a bad idea to restart your splunk service for the change effect. This work for me both in Chrome and IE. Goodluck
sadly not and still trying to get it working 🙂 if you have any lead please share. thank you
Does Splunk for QualysGuard work for you? I have Sideview Utils 1.3.5 installed and it still does not work.