All Apps and Add-ons

Qualys Technology Add-on (TA) for Splunk: How to debug error "Unable to initialize modular input "qualys" defined in app TA-QualysCloudPlatform"?

JeroenDenBoer
Explorer

We have a set of new build servers (Windows) with Splunk v 6.4.1. All data input goes via a separate heavy forwarder to the indexers.

When I install the latest TA-QualysCloudPlatform (on the HF) and try to start the thing, I get the message:

Unable to initialize modular input "qualys" defined inside the app "TA-QualysCloudPlatform": Introspecting scheme=qualys: script running failed (exited with code 1). 

According to the answers about similar issues (but with other apps), there has to be a path to java, which I've set. I see no java calls in the python scripts in the \etc\apps\TA-QualysCloudPlatform\bin (as far as I can judge it)

I want to debug this thing to see what might cause this error, but have no clue how to debug this.

java version used is java SE runtume 1.8.0-91

Anybody have any clue?

Update :
app seems to be linux only.
when running one of the python scripts directly i get an error "ImportError: No module named fcntl"
searching on an older installation (linux based) -> fcntl seems to be a library in the linux python 2.7 installation.
found a windows lookalike, worked fine for manual running the qualys.py script to see the scema, but in the end it didn't work : webinterface crashed at startup

to be continued.

update : solved the issue with installing an linux server.

0 Karma
1 Solution

prabhasgupte
Communicator

Hi,

Just to make it clear, the Qualys TA officially supports only Linux and Mac OS. If you look at the code, there are handful places where linux specific paths are used and that could be one of the reasons why execution fails. Modules imported could also be another reason.

If you do not have a specific requirement of hosting Splunk on Windows, can you try having a linux/mac setup?

View solution in original post

0 Karma

prabhasgupte
Communicator

Hi,

Just to make it clear, the Qualys TA officially supports only Linux and Mac OS. If you look at the code, there are handful places where linux specific paths are used and that could be one of the reasons why execution fails. Modules imported could also be another reason.

If you do not have a specific requirement of hosting Splunk on Windows, can you try having a linux/mac setup?

0 Karma

asdi32
Observer

Hello!

It seems 6 years have gone by and we still don't have an official stand from Qualys, which to me is mind blowing, they have the scale, resources and responsibility to make this work.

Anyways... Do you know of any work around that has come lately related to this?

Thank you!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...