Qualys app is having an issue in retrieving the p...

Hemnaath · ‎10-26-2017

Hi All Currently we are facing an issue in retrieving the password from the app file and we are getting the below error in
/opt/splunk/var/log/splunk/ta_QualysCloudPlatform.log

Error Details:

TA-QualysCloudPlatform: 2017-10-18T00:10:46Z PID=20224 [MainThread] ERROR: TA-QualysCloudPlatform - Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue. Error: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/TA-QualysCloudPlatform/admin/passwords: [Errno 111] Connection refused',)
TA-QualysCloudPlatform: 2017-10-18T00:11:46Z PID=20229 [MainThread] ERROR: TA-QualysCloudPlatform - Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue. Error: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/TA-QualysCloudPlatform/admin/passwords: [Errno 111] Connection refused',)
TA-QualysCloudPlatform: 2017-10-19T14:09:40Z PID=64521 [MainThread] ERROR: TA-QualysCloudPlatform - Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue. Error: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/TA-QualysCloudPlatform/admin/passwords: [Errno 111] Connection refused',)
TA-QualysCloudPlatform: 2017-10-19T14:10:39Z PID=64533 [MainThread] ERROR: TA-QualysCloudPlatform - Could not get TA-QualysCloudPlatform credentials from Splunk. Cannot continue. Error: Splunkd daemon is not responding: ('Error connecting to /servicesNS/nobody/TA-QualysCloudPlatform/admin/passwords: [Errno 111] Connection refused',)
TA-QualysCloudPlatform: 2017-10-20T01:40:56Z PID=12944 [MainThread] ERROR: TA-QualysCloudPlatform - Error during request to /msp/about.php, [None] Tunnel connection failed: 503 Service Unavailable.

Qualys add-on version : 1.1.0.20161024
Add-on is installed in the Heavy forwarder instance and search head cluster members.

Kindly guide me how to fix this issue.

PCT80000 · ‎10-27-2017

Hello,

Is it worth checking permissions to the .conf file containing the password? Our installation holds this in \local\passwords.conf

Hemnaath · ‎10-27-2017

Hi we have set the passwords.conf file under this location "/opt/splunk/etc/apps/TA-QualysCloudPlatform/local/passwords.conf " its owned by splunk

-rw-r--r-- 1 splunk splunk 46 Jul 7 11:39 passwords.conf

PCT80000 · ‎10-27-2017

That matches our perms. Apologies but I can't think of any other suggestions here.

Hemnaath · ‎10-27-2017

hey I had raised a splunk support ticket but it seem splunk is not supporting this app and they informed to contact the APP developer. Not sure how to raise a ticket with the app developer.

can you guide on this.

thanks in advance.

Hemnaath · ‎11-01-2017

Hi All, Can anyone guide me how to raise a ticket with the app developer ?

thanks in advance.

Hemnaath · ‎11-13-2017

Hi All, We are able to get the qualys data in to splunk, after re-installing / re -configuring the app completely. We have update the TA-Qualys Add-on with the latest version 1.2.3.

Hemnaath · ‎10-27-2017

Hi All, Can anyone guide me how to fix this issue.
thanks in advance.

Qualys app is having an issue in retrieving the password from the app file ?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

Qualys app is having an issue in retrieving the password from the app file ?

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?