Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About xilu87
xilu87
New Member
Member since:
05-24-2011
11-17-2020
Community Statistics
| Posts | 2 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 05-24-2011 |
Activity Feed
- Posted After installing the File/Directory Information Input, why am I getting "NameError: global name 'logger' is not defined"? on All Apps and Add-ons. 05-24-2016 01:45 PM
- Tagged After installing the File/Directory Information Input, why am I getting "NameError: global name 'logger' is not defined"? on All Apps and Add-ons. 05-24-2016 01:45 PM
- Posted Is it possible to diff file hashes to display if some of the hashes of /etc/ files have changed? on Splunk Search. 05-18-2016 09:35 AM
- Tagged Is it possible to diff file hashes to display if some of the hashes of /etc/ files have changed? on Splunk Search. 05-18-2016 09:35 AM
- Tagged Is it possible to diff file hashes to display if some of the hashes of /etc/ files have changed? on Splunk Search. 05-18-2016 09:35 AM
- Tagged Is it possible to diff file hashes to display if some of the hashes of /etc/ files have changed? on Splunk Search. 05-18-2016 09:35 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
05-24-2016
01:45 PM
After install, i'm getting an error:
==> var/log/splunk/file_meta_data_modular_input.log <==
2016-05-24 22:40:08,585 INFO Time is later than filter, st_ctime=1463219347.5115333, must_be_later_than=None, path=u'/etc/audit_proba'
2016-05-24 22:40:08,586 INFO Time is later than filter, st_mtime=1463219347.5115333, must_be_later_than=None, path=u'/etc/audit_proba'
2016-05-24 22:40:08,586 INFO Time is later than filter, st_ctime=1463207368.1592515, must_be_later_than=None, path=u'/etc/networks'
2016-05-24 22:40:08,586 INFO Time is later than filter, st_mtime=1392864236.0, must_be_later_than=None, path=u'/etc/networks'
2016-05-24 22:40:08,587 INFO Time is later than filter, st_ctime=1463209453.5112169, must_be_later_than=None, path=u'/etc/issue.net'
2016-05-24 22:40:08,587 INFO Time is later than filter, st_mtime=1455641008.0, must_be_later_than=None, path=u'/etc/issue.net'
2016-05-24 22:40:08,588 INFO Time is later than filter, st_ctime=1463207368.1672513, must_be_later_than=None, path=u'/etc/securetty'
2016-05-24 22:40:08,588 INFO Time is later than filter, st_mtime=1392604967.0, must_be_later_than=None, path=u'/etc/securetty'
2016-05-24 22:40:08,588 INFO Time is later than filter, st_ctime=1464110338.292777, must_be_later_than=None, path=u'/etc/mtab'
2016-05-24 22:40:08,589 INFO Time is later than filter, st_mtime=1464110338.292777, must_be_later_than=None, path=u'/etc/mtab'
2016-05-24 22:40:08,589 INFO Time is later than filter, st_ctime=1463209160.1531472, must_be_later_than=None, path=u'/etc/kernel-img.conf'
2016-05-24 22:40:08,589 INFO Time is later than filter, st_mtime=1463209160.1531472, must_be_later_than=None, path=u'/etc/kernel-img.conf'
2016-05-24 22:40:08,590 INFO Time is later than filter, st_ctime=1463208753.997147, must_be_later_than=None, path=u'/etc/popularity-contest.conf'
2016-05-24 22:40:08,590 INFO Time is later than filter, st_mtime=1463208753.997147, must_be_later_than=None, path=u'/etc/popularity-contest.conf'
2016-05-24 22:40:08,590 INFO Time is later than filter, st_ctime=1463207368.1472514, must_be_later_than=None, path=u'/etc/ld.so.conf'
2016-05-24 22:40:08,591 INFO Time is later than filter, st_mtime=1438751511.0, must_be_later_than=None, path=u'/etc/ld.so.conf'
2016-05-24 22:40:08,591 INFO Time is later than filter, st_ctime=1463207378.71088, must_be_later_than=None, path=u'/etc/hosts'
2016-05-24 22:40:08,591 INFO Time is later than filter, st_mtime=1463207378.71088, must_be_later_than=None, path=u'/etc/hosts'
2016-05-24 22:40:08,592 INFO Time is later than filter, st_ctime=1463207368.1272514, must_be_later_than=None, path=u'/etc/crontab'
2016-05-24 22:40:08,592 INFO Time is later than filter, st_mtime=1360393340.0, must_be_later_than=None, path=u'/etc/crontab'
2016-05-24 22:40:08,593 INFO Time is later than filter, st_ctime=1463207368.1552515, must_be_later_than=None, path=u'/etc/mime.types'
2016-05-24 22:40:08,593 INFO Time is later than filter, st_mtime=1368446165.0, must_be_later_than=None, path=u'/etc/mime.types'
2016-05-24 22:40:08,593 INFO Time is later than filter, st_ctime=1463992499.283533, must_be_later_than=None, path=u'/etc/subgid'
2016-05-24 22:40:08,593 INFO Time is later than filter, st_mtime=1463992499.1515331, must_be_later_than=None, path=u'/etc/subgid'
2016-05-24 22:40:08,594 INFO Time is later than filter, st_ctime=1463207368.1512513, must_be_later_than=None, path=u'/etc/logrotate.conf'
2016-05-24 22:40:08,594 INFO Time is later than filter, st_mtime=1390414763.0, must_be_later_than=None, path=u'/etc/logrotate.conf'
2016-05-24 22:40:08,594 INFO Time is later than filter, st_ctime=1463207368.1552515, must_be_later_than=None, path=u'/etc/mke2fs.conf'
2016-05-24 22:40:08,595 INFO Time is later than filter, st_mtime=1392809455.0, must_be_later_than=None, path=u'/etc/mke2fs.conf'
2016-05-24 22:40:08,595 INFO Time is later than filter, st_ctime=1463207368.1672513, must_be_later_than=None, path=u'/etc/rmt'
2016-05-24 22:40:08,595 INFO Time is later than filter, st_mtime=1391519759.0, must_be_later_than=None, path=u'/etc/rmt'
2016-05-24 22:40:08,596 INFO Time is later than filter, st_ctime=1463207368.1752515, must_be_later_than=None, path=u'/etc/sysctl.conf'
2016-05-24 22:40:08,596 INFO Time is later than filter, st_mtime=1364783131.0, must_be_later_than=None, path=u'/etc/sysctl.conf'
2016-05-24 22:40:08,596 INFO Time is later than filter, st_ctime=1463207368.1272514, must_be_later_than=None, path=u'/etc/debian_version'
2016-05-24 22:40:08,596 INFO Time is later than filter, st_mtime=1392864236.0, must_be_later_than=None, path=u'/etc/debian_version'
2016-05-24 22:40:08,597 INFO Time is later than filter, st_ctime=1463207374.6428442, must_be_later_than=None, path=u'/etc/fstab'
2016-05-24 22:40:08,597 INFO Time is later than filter, st_mtime=1463207366.7432404, must_be_later_than=None, path=u'/etc/fstab'
2016-05-24 22:40:08,597 WARNING Unable to access path="/etc/blkid.tab", reason="[Errno 2] No such file or directory: '/etc/blkid.tab'"
2016-05-24 22:40:08,598 INFO Time is later than filter, st_ctime=1463208789.6171472, must_be_later_than=None, path=u'/etc/ltrace.conf'
2016-05-24 22:40:08,598 INFO Time is later than filter, st_mtime=1399679435.0, must_be_later_than=None, path=u'/etc/ltrace.conf'
2016-05-24 22:40:08,598 INFO Time is later than filter, st_ctime=1463207368.1632514, must_be_later_than=None, path=u'/etc/protocols'
2016-05-24 22:40:08,599 INFO Time is later than filter, st_mtime=1388401735.0, must_be_later_than=None, path=u'/etc/protocols'
2016-05-24 22:40:08,599 INFO Time is later than filter, st_ctime=1463209453.899217, must_be_later_than=None, path=u'/etc/lsb-release'
2016-05-24 22:40:08,599 INFO Time is later than filter, st_mtime=1455640151.0, must_be_later_than=None, path=u'/etc/lsb-release'
2016-05-24 22:40:08,599 INFO Time is later than filter, st_ctime=1463208858.1891472, must_be_later_than=None, path=u'/etc/screenrc'
2016-05-24 22:40:08,600 INFO Time is later than filter, st_mtime=1332278088.0, must_be_later_than=None, path=u'/etc/screenrc'
2016-05-24 22:40:08,600 INFO Time is later than filter, st_ctime=1463207368.1632514, must_be_later_than=None, path=u'/etc/rc.local'
2016-05-24 22:40:08,600 INFO Time is later than filter, st_mtime=1438751525.0, must_be_later_than=None, path=u'/etc/rc.local'
2016-05-24 22:40:08,601 INFO Time is later than filter, st_ctime=1463207368.1512513, must_be_later_than=None, path=u'/etc/locale.alias'
2016-05-24 22:40:08,601 INFO Time is later than filter, st_mtime=1281023834.0, must_be_later_than=None, path=u'/etc/locale.alias'
2016-05-24 22:40:08,601 ERROR Execution failed
Traceback (most recent call last):
File "/opt/splunk/etc/apps/file_meta_data/bin/file_info_app/modular_input.py", line 1320, in execute
self.do_run(in_stream, log_exception_and_continue=True)
File "/opt/splunk/etc/apps/file_meta_data/bin/file_info_app/modular_input.py", line 1220, in do_run
input_config)
File "/opt/splunk/etc/apps/file_meta_data/bin/file_meta_data.py", line 336, in run
results, new_latest_time = self.get_files_data(file_path, logger=self.logger, latest_time=latest_time, must_be_later_than=must_be_later_than, file_hash_limit=file_hash_limit)
File "/opt/splunk/etc/apps/file_meta_data/bin/file_meta_data.py", line 139, in get_files_data
info, this_latest_time = cls.get_file_data(os.path.join(root, name), logger, latest_time_derived, must_be_later_than, file_hash_limit)
File "/opt/splunk/etc/apps/file_meta_data/bin/file_meta_data.py", line 214, in get_file_data
file_hash = cls.get_file_hash(file_path)
File "/opt/splunk/etc/apps/file_meta_data/bin/file_meta_data.py", line 184, in get_file_hash
if logger:
NameError: global name 'logger' is not defined
==> var/log/splunk/splunkd.log <==
05-24-2016 22:40:08.602 +0200 WARN ExecProcessor - Streaming XML data: Expected tag "event", instead received "error".
05-24-2016 22:40:08.602 +0200 WARN ExecProcessor - Streaming XML data: Expected tag "event", instead received "message".
My config:
[file_meta_data://etc]
file_hash_limit = 500MB
file_path = /etc
include_file_hash = 1
index = change_management
interval = 60
only_if_changed = 0
recurse = 1
sourcetype = linux_etc
disabled = 0
Version: Splunk 6.4.0 (build f2c836328108)
... View more
05-18-2016
09:35 AM
Hi,
I have created a script input deployed on several servers which creates a lot of hashes from /etc folder and sub folders. ~1300 files with fingerprint
With rex I have extracted the fields:
_raw=272913026300e7ae9b5e2d51f138e674 /etc/filename valid fields: hash=272913026300e7ae9b5e2d51f138e674 file=/etc/filename host=server1, server2, server3, serverX
_time=every 2 minutes
My search is scheduled every 3 minutes:
index="linux" sourcetype="config_hash" | rex field=_raw "(?<hash>.*)\s\s(?<file>.*)" | diff attribute=file position1=1 position2=2
But I get irrelevant result. The result's file hash is the same.
It is possible to display if some of the hash of /etc/ files has changed?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-17-2020
01:51 PM
|
