I'm trying to get Splunk for Asset Discovery working. The scripts work fine from the command line, and Splunk is running as root so it should work. However, there are no results and I cannot tell if the script is running. Can anyone help point me in the right direction?
Hi chrislibby,
As written in the docs of the app, you have to change line 111 of nmap.sh to be like this:
nmap $nargs $target #2>/dev/null
to get nmap errors. Also check for errors related to the script in splunkd.log:
index=_internal nmap.sh
cheers, MuS
That led me to these errors, which adding "unset LD_LIBRARY_PATH" fixed.
12-21-2015 09:44:32.005 -0500 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/asset_discovery/bin/nmap.sh" nmap: /opt/splunk/lib/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found (required by nmap)
12-21-2015 09:44:32.004 -0500 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/asset_discovery/bin/nmap.sh" nmap: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by nmap)
https://answers.splunk.com/answers/105439/no-port-scan-data.html
If this solved your problem and answered your question, please accept the answer - thanks 🙂
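The fix from this thread as an added example, not part of the original posts or the app's own code: a helper that pulls out of splunkd.log lines the scripted inputs whose binaries loaded a library from Splunk's lib directory and failed the symbol-version check, and a wrapper that runs a system binary with LD_LIBRARY_PATH cleared. The function names and the third sample log line are constructed for illustration; the first two sample lines are the errors quoted above.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from the app.

# Constructed sample input: the two ExecProcessor errors from the thread plus
# one unrelated (made-up) INFO line that the filter must ignore.
sample_log() {
cat <<'EOF'
12-21-2015 09:44:32.005 -0500 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/asset_discovery/bin/nmap.sh" nmap: /opt/splunk/lib/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found (required by nmap)
12-21-2015 09:44:32.004 -0500 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/asset_discovery/bin/nmap.sh" nmap: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by nmap)
12-21-2015 09:44:33.000 -0500 INFO ExecProcessor - constructed sample line, not an error
EOF
}

# Read splunkd.log lines on stdin and print "script library" for every
# ExecProcessor error where a library under the given directory failed a
# symbol-version check (a system binary picked up Splunk's bundled library).
find_lib_conflicts() {
    libdir=${1:-/opt/splunk/lib}
    sed -n "s|.*ERROR ExecProcessor - message from \"\([^\"]*\)\" .*: \(${libdir}/[^:]*\): version .* not found.*|\1 \2|p" |
        sort -u
}

# Run a command with the inherited LD_LIBRARY_PATH removed so the dynamic
# loader uses the system library directories. This is the thread's
# "unset LD_LIBRARY_PATH", scoped to a subshell so only the wrapped
# command is affected.
run_with_system_libs() {
    ( unset LD_LIBRARY_PATH; "$@" )
}

# Demo on the constructed sample: lists nmap.sh once per conflicting library.
sample_log | find_lib_conflicts /opt/splunk/lib
```

Inside a scripted input, the scan line would then read `run_with_system_libs nmap $nargs $target`, which has the same effect on nmap as the `unset LD_LIBRARY_PATH` reported above.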