All Apps and Add-ons

setting up BSM audit collection

levyma2
Explorer

I"m tying to set up BSM Audit collection using the BSM+audit+log+loader app.
I've installed a universal Forwarder and am collecting /var/adm/messages ok.
When I try to test out the python script I get this error:

sh-3.2# splunk cmd /usr/bin/python bin/bsmping.py --noCache=true
Traceback (most recent call last):
File "bin/bsmping.py", line 10, in
import splunk.Intersplunk as si
ImportError: No module named splunk.Intersplunk
bash-3.2# /usr/bin/python bin/bsmping.py --noCache=True
Traceback (most recent call last):
File "bin/bsmping.py", line 10, in
import splunk.Intersplunk as si
ImportError: No module named splunk.Intersplunk
bash-3.2# env |grep splunk
OLDPWD=/opt/splunkforwarder/etc/apps/bsm/bin
SPLUNK_HOME=/opt/splunkforwarder
PATH=/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/ucb:/opt/splunkforwarder/bin
PWD=/opt/splunkforwarder/etc/apps/bsm
bash-3.2#

Any Ideas ?

Thanks

Mark

1 Solution

araitz
Splunk Employee
Splunk Employee

The BSM collector requires a heavy forwarder or full instance of Splunk, as the universal forwarder does not ship with a python interpreter or the requisite python modules.

View solution in original post

levyma2
Explorer

Araitz,

Is it possible to just copy over the 2 modules (Intersplunk & cli_common) and use the python instance installed with the OS (Solaris 10)?
I'd prefer not to install a full blown instance of Splunk with heavy forwarder on the solaris server.

Mark

0 Karma

araitz
Splunk Employee
Splunk Employee

The BSM collector requires a heavy forwarder or full instance of Splunk, as the universal forwarder does not ship with a python interpreter or the requisite python modules.

levyma2
Explorer

Thanks Araitz!

0 Karma

dwalgamotte
New Member

you can remove the python includes and the script still works

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...