I have Splunk configured to pull data from a Nessus Professional instance and for the most part it works fine but I noticed several recent scan reports weren't showing up. After some investigating, there were errors like the following during each pull attempt (every 12 hours):
2019-01-07 07:44:06,351 ERROR pid=9520 tid=MainThread file=nessus_rest_client.py:request:100 | Failed to connect https://<splunk server>/scans/166, reason=Traceback (most recent call last):
File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\nessus_rest_client.py", line 80, in request
headers=headers)
File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "E:\splunk\Python-2.7\Lib\httplib.py", line 1121, in getresponse
response.begin()
File "E:\splunk\Python-2.7\Lib\httplib.py", line 438, in begin
version, status, reason = self._read_status()
File "E:\splunk\Python-2.7\Lib\httplib.py", line 394, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "E:\splunk\Python-2.7\Lib\socket.py", line 480, in readline
data = self._sock.recv(self._rbufsize)
File "E:\splunk\Python-2.7\Lib\ssl.py", line 772, in recv
return self.read(buflen)
File "E:\splunk\Python-2.7\Lib\ssl.py", line 659, in read
v = self._sslobj.read(len)
SSLError: ('The read operation timed out',)
I noted that over the past few weeks the same scan numbers were showing up repeatedly and checking in Nessus, these are indeed the missing scan reports. These happen to be the largest scan results so I suspect the time out is just that the Nessus server isn't responding fast enough and the Splunk app closes the connection.
Is there a way to increase the read timeout for this situation?
... View more