First time installer of Qualys-TA. After completing all the setup in UI, i ran the command (as mentioned in page 26 of the docs: https://www.qualys.com/docs/qualys-ta-for-splunk.pdf😞 " cd $SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform $SPLUNK_HOME/bin/splunk cmd python ./bin/run.py -k -s -u <qualys username> -p <qualys password> " This throws an error in log ($SPLUNK_HOME/var/log/splunk/ta_QualysCloudPlatform.log) as follows: qualysModule.splunkpopulator.basepopulator.BasePopulatorException: could not load API response. Reason: 'Event' object has no attribute 'write_event' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualysModule/qualys_log_populator.py", line 240, in _run qlogger.error(e.message) AttributeError: 'BasePopulatorException' object has no attribute 'message' When i added more debug info to the various python scripts, i saw that the error pointed to "NoneType" for self.EVENT_WRITER. The above log contained more info as below: TA-QualysCloudPlatform: 2021-11-24 15:09:52 PID=564017 [MainThread] INFO: Python interpreter version = 3 TA-QualysCloudPlatform: 2021-11-24 15:09:52 PID=564017 [MainThread] INFO: Qualys TA version=1.8.11 TA-QualysCloudPlatform: 2021-11-24 15:09:52 PID=564017 [MainThread] INFO: Running for policy_posture_info. Host name to be used: $decideOnStartup. Index configured: main. Run duration: 9 * * * *. Default start date: 1999-01-01T00:00:00Z. TA-QualysCloudPlatform: 2021-11-24 15:09:52 PID=564017 [MainThread] INFO: TA-QualysCloudPlatform using username trann3ls73 and its associated password. TA-QualysCloudPlatform: 2021-11-24 15:09:52 PID=564017 [MainThread] INFO: API URL changed to https://qualysguard.qg3.apps.qualys.com for policy_posture_info data input TA-QualysCloudPlatform: 2021-11-24 15:09:52 PID=564017 [MainThread] INFO: Another instance of policy_posture_info is already running with PID 508724. I am exiting. on doing ps-ax | grep splunk, i could see many instances running as below: root@splunktest:/opt/splunk/etc/apps/TA-QualysCloudPlatform/tmp# ps ax | grep splunk 12657 ? Sl 15:28 splunkd -p 8090 start 12658 ? Ss 0:00 [splunkd pid=12657] splunkd -p 8090 start [process-runner] 508681 ? S 0:00 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py 508724 ? S 0:00 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py 508734 ? S 0:00 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py 508908 ? S 0:21 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py 555183 ? S 0:00 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py 555192 ? S 0:00 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py 555219 ? S 0:00 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py 565505 ? Sl 0:15 splunkd -p 8089 restart 565506 ? Ss 0:00 [splunkd pid=565505] splunkd -p 8089 restart [process-runner] Finally, after killing those PIDs , i could get rid of the error. This really needs to be fixed or a proper troubleshooting must be documented as it caused me headaches for 2 whole days! 🙂 Thanks!
... View more