All Apps and Add-ons

setting up BSM audit collection

levyma2
Explorer

I"m tying to set up BSM Audit collection using the BSM+audit+log+loader app.
I've installed a universal Forwarder and am collecting /var/adm/messages ok.
When I try to test out the python script I get this error:

sh-3.2# splunk cmd /usr/bin/python bin/bsmping.py --noCache=true
Traceback (most recent call last):
File "bin/bsmping.py", line 10, in
import splunk.Intersplunk as si
ImportError: No module named splunk.Intersplunk
bash-3.2# /usr/bin/python bin/bsmping.py --noCache=True
Traceback (most recent call last):
File "bin/bsmping.py", line 10, in
import splunk.Intersplunk as si
ImportError: No module named splunk.Intersplunk
bash-3.2# env |grep splunk
OLDPWD=/opt/splunkforwarder/etc/apps/bsm/bin
SPLUNK_HOME=/opt/splunkforwarder
PATH=/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/ucb:/opt/splunkforwarder/bin
PWD=/opt/splunkforwarder/etc/apps/bsm
bash-3.2#

Any Ideas ?

Thanks

Mark

1 Solution

araitz
Splunk Employee
Splunk Employee

The BSM collector requires a heavy forwarder or full instance of Splunk, as the universal forwarder does not ship with a python interpreter or the requisite python modules.

View solution in original post

levyma2
Explorer

Araitz,

Is it possible to just copy over the 2 modules (Intersplunk & cli_common) and use the python instance installed with the OS (Solaris 10)?
I'd prefer not to install a full blown instance of Splunk with heavy forwarder on the solaris server.

Mark

0 Karma

araitz
Splunk Employee
Splunk Employee

The BSM collector requires a heavy forwarder or full instance of Splunk, as the universal forwarder does not ship with a python interpreter or the requisite python modules.

levyma2
Explorer

Thanks Araitz!

0 Karma

dwalgamotte
New Member

you can remove the python includes and the script still works

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...