All Apps and Add-ons

Splunk Add-on For Tenable connection reset by peer

Path Finder

Hi All,

Am having issues with the Splunk Add-on for Tenable - receiving the error connection closed - hoping you guys can help!

Splunk Version: 6.55
Tenable version: 5.12


2018-05-24 06:09:25,812 +0000 log_level=ERROR, pid=19741, tid=Thread-4,, func_name=index_data, code_line_no=118 | [stanza_name="TSC_INPUT" data="sc_vulnerability" server="TNS_VM_SC"] Failed to index data
Traceback (most recent call last):
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/", line 115, in index_data
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/", line 148, in _do_safe_index
    self._client = self._create_data_client()
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/", line 95, in _create_data_client
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/", line 55, in __init__
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/", line 18, in do_job_one_time
    return _do_job_one_time(all_conf_contents, task_config, ckpt)
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/", line 53, in _do_job_one_time
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/", line 219, in get_security_center
    sc.login(username, password)
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/", line 45, in login
    result = self.perform_request('POST', 'token', data)
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/", line 133, in perform_request
    self._uri(path), method, data, headers)
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/", line 1609, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/", line 1351, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/", line 1272, in _conn_request
  File "/apps/pcehr/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/", line 1075, in connect
    raise socket.error, msg
error: [Errno 104] Connection reset by peer
0 Karma


It looks as if the TA is trying to log in (using HTTP POST), but the connection is reset which usually means that there is no service running on where it wants to connect to.
I'd double check any connection information you had to enter, like URL/IP/port, because this looks like an issue of the Tenable service not being available where you expected it to be.

Hope that helps.

0 Karma

Path Finder

Thanks for the reply xpac.

From the SecurityCenter POV - can see from the logs that the user/TA app is logging in successfully, but there is a delay from the Splunk TA error message, and successful login.

The service is running too 😕

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...