All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

what is tripwire app httplib.BadStatusLine: '' error

oHable
Explorer
‎02-27-2015 04:20 AM

Hallo,

by executing the following command, i receive an error, timeframe of report generation does not matter:

/opt/splunk/bin/splunk cmd python "/opt/splunk/etc/apps/te/bin/tripwire.py" -s "" -u "user" -p "passphrase" report -T "DCR" -t detailedchanges_rpt -P BooleanCriterion,currentVersionsOnly,false,displayUsers,true,displayCriteriaAtEnd,true:RelativeTimeRangeCriterion,1,hour,"In the last 1 hour" -F CSV -o "/opt/teexports/FIM/tmp/DCR.csv"

I have no idea how i should interpret the return code:
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" raise BadStatusLine(line)
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" httplib.BadStatusLine: ''

Any idea/hints/tips where to look into that to fix the error?

sincerely oliver

Logs from /opt/splunk/var/log/splunk/splunkd.log:
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" Traceback (most recent call last):
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 539, in
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" main()
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 57, in main
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" xml = client.report(args.title, args.type, params)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 500, in report
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" return self._attachment(self._do_soap('report', args, parseresult=False))
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 385, in _do_soap
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" s = self._opener.open(req)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 404, in open
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" response = self._open(req, data)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 422, in _open
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" '_open', req)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 382, in _call_chain
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" result = func(*args)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 1222, in https_open
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" return self.do_open(httplib.HTTPSConnection, req)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 1187, in do_open
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" r = h.getresponse(buffering=True)
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/httplib.py", line 1067, in getresponse
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" response.begin()
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/httplib.py", line 409, in begin
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" version, status, reason = self._read_status()
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/httplib.py", line 373, in _read_status
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" raise BadStatusLine(line)
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" httplib.BadStatusLine: ''
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" Traceback (most recent call last):
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire_fim.py", line 147, in
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" main()
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire_fim.py", line 136, in main
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" subprocess.check_call(cmd, shell=True)
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/subprocess.py", line 540, in check_call
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" raise CalledProcessError(retcode, cmd)
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" subprocess.CalledProcessError: Command '/opt/splunk/bin/splunk cmd python "/opt/splunk/etc/apps/te/bin/tripwire.py" -s "" -u "user" -p "passphrase" report -T "DCR" -t detailedchanges_rpt -P BooleanCriterion,currentVersionsOnly,false,displayUsers,true,displayCriteriaAtEnd,true:RelativeTimeRangeCriterion,1,hour,"In the last 1 hour" -F CSV -o "/opt/teexports/FIM/tmp/DCR.csv"' returned non-zero exit status 1

Tags (1)
0 Karma
Reply

oHable
Explorer
‎03-06-2015 12:29 AM

Hallo,
i found the "Troublemaker" :).
The error occures by communicating over a proxy server (mcaffee gateway), by exkluding the proxy and do the request with a direct connection, the script works well.

@excluding proxy (fast work around):
therefor i changed the /opt/splunk/etc/apps/te/bin/tripwire.py script the following way:

in class soap_client(object) -> methode (constructor) def init(self, server, username, password) i changed

  if SSL_ABILITY:
        self._opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj), urllib2.HTTPSHandler(context=sslcontext))
    else:
        self._opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))

to

   if SSL_ABILITY:
        self._opener = urllib2.build_opener(urllib2.ProxyHandler({}), urllib2.HTTPCookieProcessor(cj), urllib2.HTTPSHandler(context=sslcontext))
    else:
        self._opener = urllib2.build_opener(urllib2.ProxyHandler({}), urllib2.HTTPCookieProcessor(cj))

sincerely oliver

note: now i try to find a way to avoid that error by using the mcaffee proxy, when finished i will leave a note ...

0 Karma
Reply

oHable
Explorer
‎02-27-2015 04:22 AM

command errata:

/opt/splunk/bin/splunk cmd python "/opt/splunk/etc/apps/te/bin/tripwire.py" -s "server as ip" -u "user" -p "passphrase" report -T "DCR" -t detailedchanges_rpt -P BooleanCriterion,currentVersionsOnly,false,displayUsers,true,displayCriteriaAtEnd,true:RelativeTimeRangeCriterion,1,hour,"In the last 1 hour" -F CSV -o "/opt/teexports/FIM/tmp/DCR.csv"

-s parameter was removed by posting my question ...

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...