Hi to all Splunkers,
I'm having a problem getting the data from McAfee ePO to my Splunk indexer server.
Previously this was working; it so happened that one day it stopped capturing the data.
Below is the error message I found in the Splunk log:
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat"" 'import site' failed; use -v for traceback
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat"" Traceback (most recent call last):
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat"" File "D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.py", line 2, in <module>
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat"" import pymssql
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat"" ImportError: No module named pymssql
09-22-2012 00:42:34.868 +0800 INFO ExecProcessor - Ran script: "D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat", took 190.0 milliseconds to run, 0 bytes read, exited with code 1
Thanks in advance for the help.
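An added example, not part of the original post and not code from the TA-mcafee add-on: a Python parser for ExecProcessor lines in the format quoted above that reports scripted inputs exiting non-zero, so a security data feed that silently stops is noticed. The sample log, its paths and the function name failed_inputs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the ExecProcessor format quoted above (paths are made up).
SAMPLE = r'''09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from "D:\Splunk\etc\apps\TA-example\bin\poll.bat" Traceback (most recent call last):
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from "D:\Splunk\etc\apps\TA-example\bin\poll.bat" ImportError: No module named pymssql
09-22-2012 00:42:34.868 +0800 INFO ExecProcessor - Ran script: "D:\Splunk\etc\apps\TA-example\bin\poll.bat", took 190.0 milliseconds to run, 0 bytes read, exited with code 1
09-22-2012 00:43:00.101 +0800 INFO ExecProcessor - Ran script: "D:\Splunk\etc\apps\TA-example\bin\ok.bat", took 85.0 milliseconds to run, 512 bytes read, exited with code 0'''

# stderr relayed from a scripted input; tolerate doubled quotes around the path
MSG = re.compile(r'^\S+ \S+ \S+ ERROR ExecProcessor - message from "+'
                 r'(?P<script>[^"]+)"+ (?P<text>.*)$')
# completion record: duration, bytes read and exit code
RAN = re.compile(r'^(?P<ts>\S+ \S+ \S+) INFO ExecProcessor - Ran script: '
                 r'"(?P<script>[^"]+)", took [\d.]+ milliseconds to run, '
                 r'(?P<bytes>\d+) bytes read, exited with code (?P<code>-?\d+)')

def failed_inputs(log_text):
    """Return one record per scripted-input run that exited non-zero."""
    stderr = defaultdict(list)   # script path -> stderr lines since its last run
    findings = []
    for line in log_text.splitlines():
        m = MSG.match(line)
        if m:
            stderr[m['script']].append(m['text'])
            continue
        m = RAN.match(line)
        if not m:
            continue
        msgs = stderr.pop(m['script'], [])
        if int(m['code']) != 0:
            findings.append({
                'time': m['ts'],
                'script': m['script'],
                'exit_code': int(m['code']),
                'bytes_read': int(m['bytes']),
                # the last stderr line of a Python traceback names the exception
                'last_error': msgs[-1] if msgs else None,
            })
    return findings

if __name__ == '__main__':
    for finding in failed_inputs(SAMPLE):
        print(finding)
```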
I am pleased to announce that we've just released an add-on that can help you with this (using DB Connect instead of Python): http://apps.splunk.com/app/1819/
I have the same problem with Splunk 4.3.4 and ES 2.0 on the TA-mcafee, on a Windows platform. I am just setting this up, nothing is broken, but it's not working.
I only have the Python that comes with Splunk at c:\program files\splunk\bin\python.exe
I have modified mcafee_epo.bat to refer to the location of python.exe
@echo off
"C:\Program Files\Splunk\bin\python.exe" "C:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.py"
I have tried setting pythonhome and pythonpath environment variables to C:\program files\splunk\bin\ but this does not work.
When I run Python -v I see the error:
C:\Program Files\Splunk\bin>python -v
import zipimport # builtin
ImportError: No module named site
So, I think this is a Python problem and not a Splunk problem as such.
Python modules/path on the host system have changed?
Hi Lucas,
There were no changes made in the host system.
Correct me if I'm wrong, the host system that you are referring to is the indexer server, right?