That got most of the way. I now see data coming into index nessus, specifically sourcetype=nessus:plugin. Unfortunately, I do not seem to be getting any sourcetype=nessus:scan data.
Searching for index=internal sourcetype=ta:nessus:log again gets me the following data for the run today:
11/4/15
2:07:37.456 PM
2015-11-04 14:07:37,456 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://axe1util03p.anixter.com:8834/plugins/families/21, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1073, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 415, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 371, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 714, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 608, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:06:01.359 PM
2015-11-04 14:06:01,359 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://axe1util03p.anixter.com:8834/plugins/families/2, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1073, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 415, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 371, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 714, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 608, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:05:17.403 PM
2015-11-04 14:05:17,403 ERROR pid=5201 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://axe1util03p.anixter.com:8834/plugins/families/1, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1073, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 415, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 371, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 476, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 714, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 608, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:11.133 PM
2015-11-04 14:04:11,133 ERROR pid=5205 tid=MainThread file=nessus.py:get_nessus_modinput_configs:157 | Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus.py", line 147, in get_nessus_modinput_configs
input_conf = config.get_data_input(input_name)
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_config.py", line 186, in get_data_input
check_conf_mgr_result(False, "Cannot get the encrypted keys.")
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus_config.py", line 27, in check_conf_mgr_result
raise NessusConfigException(msg)
NessusConfigException: Cannot get the encrypted keys.
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:11.132 PM
2015-11-04 14:04:11,132 ERROR pid=5205 tid=MainThread file=nessus.py:get_nessus_modinput_configs:156 | Failed to setup config for nessus TA: Cannot get the encrypted keys.
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:11.132 PM
2015-11-04 14:04:11,132 ERROR pid=5205 tid=MainThread file=nessus_config.py:check_conf_mgr_result:26 | Cannot get the encrypted keys.
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.981 PM
2015-11-04 14:04:10,981 INFO pid=5205 tid=MainThread file=nessus.py:get_nessus_modinput_configs:142 | Set loglevel to WARN
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.966 PM
2015-11-04 14:04:10,966 INFO pid=5201 tid=MainThread file=nessus.py:get_nessus_modinput_configs:142 | Set loglevel to WARN
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.710 PM
2015-11-04 14:04:10,710 INFO pid=5201 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:206 | Proxy username is empty. Try to delete the encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.710 PM
2015-11-04 14:04:10,710 INFO pid=5201 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:198 | Encrypt the proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.710 PM
2015-11-04 14:04:10,710 INFO pid=5201 tid=MainThread file=nessus_config.py:update_nessus_conf:66 | Update nessus.conf
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.709 PM
2015-11-04 14:04:10,709 INFO pid=5201 tid=MainThread file=nessus_config.py:get_nessus_conf:80 | Try to get encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM
2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:206 | Proxy username is empty. Try to delete the encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM
2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:_encrypt_nessus_conf:198 | Encrypt the proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM
2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:update_nessus_conf:66 | Update nessus.conf
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.689 PM
2015-11-04 14:04:10,689 INFO pid=5205 tid=MainThread file=nessus_config.py:get_nessus_conf:80 | Try to get encrypted proxy username & password
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:10.335 PM
2015-11-04 14:04:10,335 INFO pid=5205 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log
11/4/15
2:04:09.876 PM
2015-11-04 14:04:09,876 INFO pid=5201 tid=MainThread file=nessus.py:main:260 | Start nessus TA
host = axe1splkh01p.anixter.com source = /opt/splunk/var/log/splunk/ta_nessus.log sourcetype = ta:nessus:log