All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk for Asset Discovery: How to troubleshoot why I am getting no results and if the script is running on Ubuntu 14.04

chrislibby
Engager
‎12-20-2015 12:41 PM

I'm trying to get Splunk for Asset Discovery working. The scripts work fine from the command line, and Splunk is running as root so it should work. However, there are no results and I cannot tell if the script is running. Can anyone help point me in the right direction?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

MuS
Legend
‎12-20-2015 02:30 PM

Hi chrislibby,

like in the docs of the app written you have to change line 111 of nmap.sh to be like this:

 nmap $nargs $target #2>/dev/null

to get nmap errors. Also check for errors related to the script in splunkd.log

 index=_internal nmap.sh

cheers, MuS

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

MuS
Legend
‎12-20-2015 02:30 PM

Hi chrislibby,

like in the docs of the app written you have to change line 111 of nmap.sh to be like this:

 nmap $nargs $target #2>/dev/null

to get nmap errors. Also check for errors related to the script in splunkd.log

 index=_internal nmap.sh

cheers, MuS

0 Karma
Reply
Solved! Jump to solution

chrislibby
Engager
‎12-21-2015 12:39 PM

That lead me to these errors, which adding "unset LD_LIBRARY_PATH" fixed.

12-21-2015 09:44:32.005 -0500 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/asset_discovery/bin/nmap.sh" nmap: /opt/splunk/lib/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found (required by nmap)
12-21-2015 09:44:32.004 -0500 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/asset_discovery/bin/nmap.sh" nmap: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by nmap)

https://answers.splunk.com/answers/105439/no-port-scan-data.html

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎12-21-2015 02:26 PM

If this solved your problem and answered your question, please accept the answer - thanks 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...