https://github.com/IMAPMailbox/IMAPmailbox/issues/8
run the following: echo|set /p="password_no_new_line_char" | "C:\Program Files\Splunk\bin\splunk.exe" cmd openssl bf -e -a -pass file:"C:\Program Files\Splunk\etc\auth\splunk.secret"
(replace password_no_new_line_char with the password for the mailbox you will be polling)
Set the output of the previous command as the xpassword value in C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf as per the readme ( C:\Program Files\Splunk\etc\apps\IMAPmailbox\README.tx t ),
run the following: echo|set /p="password_no_new_line_char" | "C:\Program Files\Splunk\bin\splunk.exe" cmd openssl bf -e -a -pass file:"C:\Program Files\Splunk\etc\auth\splunk.secret"
(replace password_no_new_line_char with the password for the splunk user who has access to the web UI and REST API)
Set the output of the previous command as the splunkxpassword value in C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf as per the readme ( C:\Program Files\Splunk\etc\apps\IMAPmailbox\README.txt ),
Set the mimeTypes value in in C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf to any mime type you want to process, such as text/html,text/richtext,text/plain (this should be a comma separated list)
Set the folders value to INBOX or any other IMAP folder in in C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\imap.conf
Create a C:\Program Files\Splunk\etc\apps\IMAPmailbox\local\inputs.conf and input the following:
#disable *nix
[script://./bin/get_imap_email.py]
disabled = true
#enable windows
[script://.\bin\get_imap_email.py]
interval = 300
disabled = false
For IMAPmailbox, you must modify "C:\Program Files\Splunk\etc\apps\IMAPmailbox\bin\get_imap_email.py" in the following way:
modify each call to subprocess.Popen('openssl line with p = subprocess.Popen('openssl bf -d -a -pass file:\"%s\"' % (os.path.join(os.environ['SPLUNK_HOME'],'etc','auth', 'splunk.secret')), shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE) This nests the path to the secret file in double-quotes.
restart splunkd
debug the splunk app:
verify settings that are being used:
"C:\Program Files\Splunk\bin\splunk.exe" cmd btool --app=IMAPmailbox imap list --debug
"C:\Program Files\Splunk\bin\splunk.exe" cmd btool --app=IMAPmailbox inputs list --debug
run a test to verify IMAP connectivity, etc:
cd "C:\Program Files\Splunk\etc\apps\IMAPmailbox"
"C:\Program Files\Splunk\bin\splunk.exe" cmd python bin/get_imap_email.py --debug
... View more