Qualys Technology Add-on (TA) for Splunk: How to debug error "Unable to initialize modular input "qualys" defined in app TA-QualysCloudPlatform"?

JeroenDenBoer
Explorer

We have a set of new build servers (Windows) with Splunk v 6.4.1. All data input goes via a separate heavy forwarder to the indexers.

When I install the latest TA-QualysCloudPlatform (on the HF) and try to start the thing, I get the message:

Unable to initialize modular input "qualys" defined inside the app "TA-QualysCloudPlatform": Introspecting scheme=qualys: script running failed (exited with code 1). 

According to the answers about similar issues (but with other apps), there has to be a path to Java, which I've set. I see no Java calls in the Python scripts in \etc\apps\TA-QualysCloudPlatform\bin (as far as I can judge).

I want to debug this thing to see what might cause this error, but have no clue how to debug this.

The Java version used is Java SE Runtime 1.8.0-91.

Anybody have any clue?

Update:
The app seems to be Linux only.
When running one of the Python scripts directly, I get an error: "ImportError: No module named fcntl".
Searching on an older installation (Linux based): fcntl seems to be a library in the Linux Python 2.7 installation.
I found a Windows lookalike, which worked fine for manually running the qualys.py script to see the schema, but in the end it didn't work: the web interface crashed at startup.

To be continued.

Update: solved the issue by installing a Linux server.

0 Karma
1 Solution

prabhasgupte
Communicator

Hi,

Just to make it clear, the Qualys TA officially supports only Linux and Mac OS. If you look at the code, there are a handful of places where Linux-specific paths are used, and that could be one of the reasons why execution fails. Modules imported could also be another reason.

If you do not have a specific requirement of hosting Splunk on Windows, can you try having a Linux/Mac setup?

0 Karma
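
Following the "No module named fcntl" error in the question and the answer's remark that imported modules can be the cause, here is an added example (not part of the thread and not Qualys or Splunk code) that lists POSIX-only standard-library imports in an app's bin directory before it is deployed to a Windows forwarder. The module list is an illustrative subset and the sample files are constructed; `scan_app` would be pointed at a directory such as the TA's `bin` folder.

```python
import ast
import os
import re
import tempfile

# Standard-library modules that exist only on POSIX builds of CPython (illustrative subset).
POSIX_ONLY = {"fcntl", "pwd", "grp", "termios", "resource", "syslog", "posix"}
IMPORT_RE = re.compile(r"^\s*(?:from\s+([\w.]+)\s+import|import\s+(.+))")

def imported_modules(source):
    """Return sorted (lineno, top_level_module) pairs for every import in source."""
    found = []
    try:
        for node in ast.walk(ast.parse(source)):
            if isinstance(node, ast.Import):
                found += [(node.lineno, a.name.split(".")[0]) for a in node.names]
            elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
                found.append((node.lineno, node.module.split(".")[0]))
    except SyntaxError:
        # Python 2 sources (print statements) do not parse on Python 3: match lines instead.
        for lineno, line in enumerate(source.splitlines(), 1):
            m = IMPORT_RE.match(line.split("#")[0])
            if m:
                names = [m.group(1)] if m.group(1) else m.group(2).split(",")
                found += [(lineno, n.split()[0].split(".")[0]) for n in names if n.strip()]
    return sorted(found)

def scan_app(bin_dir):
    """Return sorted (relative_path, lineno, module) for POSIX-only imports under bin_dir."""
    hits = []
    for root, _dirs, files in os.walk(bin_dir):
        for name in files:
            if name.endswith(".py"):
                path = os.path.join(root, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    source = fh.read()
                hits += [(os.path.relpath(path, bin_dir), lineno, mod)
                         for lineno, mod in imported_modules(source) if mod in POSIX_ONLY]
    return sorted(hits)

def demo():
    """Scan a constructed bin directory (sample files, not the real TA's scripts)."""
    samples = {"locker.py": "import os\nimport fcntl\n",
               "legacy.py": "import sys, pwd  # Python 2 style file\nprint 'hello'\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write(text)
        return scan_app(tmp)
```

Each hit names the file, the line and the module, which gives a concrete place to look when the modular input exits with code 1 during scheme introspection.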
