Solved: Why am I not retrieving scan data, only plugin dat...

msketteran · ‎07-25-2016

I am retrieving plugin data just fine. However, at the same time I am not receiving any scan data. I found the following error log entry:

2016-07-25 09:39:44,912 ERROR pid=35903 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://xxx.xxx.xxx.xxx:8834/scans/194, reason=Traceback (most recent call last):
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/init.py", line 1593, in request
(response, content) = self.request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/init.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/init_.py", line 1291, in _conn_request
response = conn.getresponse()
File "/Applications/Splunk/lib/python2.7/httplib.py", line 1136, in getresponse
response.begin()
File "/Applications/Splunk/lib/python2.7/httplib.py", line 453, in begin
version, status, reason = self._read_status()
File "/Applications/Splunk/lib/python2.7/httplib.py", line 409, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/Applications/Splunk/lib/python2.7/socket.py", line 480, in readline
data = self._sock.recv(self._rbufsize)
File "/Applications/Splunk/lib/python2.7/ssl.py", line 734, in recv
return self.read(buflen)
File "/Applications/Splunk/lib/python2.7/ssl.py", line 621, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)

rwang_splunk · ‎07-25-2016

Hi msketteran

Try to use the following command in console to check whether it is a problem of the network.
curl -k -H "Accept: application/json" -H "Content-Type: application/json" -H "X-ApiKeys: accessKey=YOUR ACCESSKEY; secretKey=YOUR SECRET KEY" -X GET https://xxx.xxx.xxx.xxx:8834/scans/194
If you cannot connect the network successfully, try to check the network configuration. Otherwise, it might be a bug related to this add-on, you can file a customer ticket and we can have further investigation.
thanks.

View solution in original post

aosso · ‎08-24-2016

Did you configure a proxy for the add-on to get plugin information?

If so, it will try to connect also to the Nessus instance via that proxy. If the Nessus interface is not reachable through that proxy, then it will fail to connect.

msketteran · ‎07-26-2016

Tried the curl command and retrieved the scan just fine. I'll look into filing a ticket.

kurthin · ‎05-05-2017

I have this same issue and also get results from this command with no errors

rwang_splunk · ‎07-25-2016

Hi msketteran

Try to use the following command in console to check whether it is a problem of the network.
curl -k -H "Accept: application/json" -H "Content-Type: application/json" -H "X-ApiKeys: accessKey=YOUR ACCESSKEY; secretKey=YOUR SECRET KEY" -X GET https://xxx.xxx.xxx.xxx:8834/scans/194
If you cannot connect the network successfully, try to check the network configuration. Otherwise, it might be a bug related to this add-on, you can file a customer ticket and we can have further investigation.
thanks.

Why am I not retrieving scan data, only plugin data?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms