We've configured Sophos Central v 1.05 on our dev server and everything works correctly. When we move the same configuration to our production distributed architecture, it fails. We see multiple errors "ERROR ExecProcessor - message from "phython /opt/splunk/etc/apps/sophos_central/bin/sophos_events.ph", and nothing ever hits the firewall. I've seen other questions posted about errors with sophos_events.py and we've verified that those are not our problem. Any ideas?
When you say to have moved it to a distributed architecture, what do you mean?
You would want to run the app with a configured account on a single machine like a heavy forwarder, or maybe on your search head.
Be sure to only configure 1 server to perform the collection, lest bad things (like duplication) happen.
If you're installing on multiple servers, it will nag you on each to run the setup; to bypass this, add "is_configured = true" in local/app.conf.
Maybe I'll add that option in 1.0.6.