All Apps and Add-ons

Splunk Add-on for Nessus: Why am I getting "command not found" python errors when I try to import nessus v2 data?

pedromvieira
Communicator

Im using Splunk 6.1.3 and Nessus TA 3.0.2 in a new environment (UBUNTU 64bits).
When I try to import/parse nessus v2 data the python script is not working.

$SPLUNK_HOME/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s INPUT -t OUTPUT

I did succesfully the same thing in the past.

Here is the output:
opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 3: $'\r\nCopyright (C) 2009-2012 Splunk Inc. All Rights Reserved.\r\n\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 5: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 6: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 7: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 8: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 9: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 10: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 11: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 12: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 13: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 14: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 15: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 16: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 17: $'\r': command not found
from: can't read /var/mail/splunk.appserver.mrsparkle.lib.util
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 19: $'\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 21: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 22: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 23: $'\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 24: $'\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 25: syntax error near unexpected token ('
'opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 25:
class PathType(object):

0 Karma
1 Solution

jrodman
Splunk Employee
Splunk Employee

In your first example, you're getting command not found because you are running the python script using the shell, not python. You haven't shown how you are running it so I'm not sure what's going wrong, and I'm not familiar enough with the app to guess how it is intended to be invoked.

In your first comment, you appear to be running a python script which expects to run in the Splunk environment, using splunk modules. However, it is being invoked with (presumably) the system python and certainly without the PYTHONPATH. Please try /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py ... although I'm still not familiar enough with the app to know if that will produce the desired results.

In the second comment, it seems you have the script set up as a scripted input. It is complaining that /opt/nessus/input does not exist. Does it? The error message's guess that $SPLUNK_HOME may not be set is implausible here, as splunkd will set $SPLUNK_HOME before launching the script.

View solution in original post

jrodman
Splunk Employee
Splunk Employee

In your first example, you're getting command not found because you are running the python script using the shell, not python. You haven't shown how you are running it so I'm not sure what's going wrong, and I'm not familiar enough with the app to guess how it is intended to be invoked.

In your first comment, you appear to be running a python script which expects to run in the Splunk environment, using splunk modules. However, it is being invoked with (presumably) the system python and certainly without the PYTHONPATH. Please try /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py ... although I'm still not familiar enough with the app to know if that will produce the desired results.

In the second comment, it seems you have the script set up as a scripted input. It is complaining that /opt/nessus/input does not exist. Does it? The error message's guess that $SPLUNK_HOME may not be set is implausible here, as splunkd will set $SPLUNK_HOME before launching the script.

pedromvieira
Communicator
    10/27/14
7:14:36.290 PM  
10-27-2014 19:14:36.290 -0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s /opt/nessus/input -t /opt/nessus/output" nessus2splunk.py: error: argument -s/--srcdir: Invalid path specified ($SPLUNK_HOME may not be set).

    10/27/14
7:14:36.290 PM  
10-27-2014 19:14:36.290 -0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s /opt/nessus/input -t /opt/nessus/output" nessus2splunk.py: error: argument -s/--srcdir: Invalid path specified ($SPLUNK_HOME may not be set).
0 Karma

pedromvieira
Communicator
root@ubuntu:/opt/splunk/etc/apps# python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s /opt/nessus/input -t /opt/nessus/output
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py", line 18, in <module>
    from splunk.appserver.mrsparkle.lib.util import make_splunkhome_path
ImportError: No module named splunk.appserver.mrsparkle.lib.util
root@ubuntu:/opt/splunk/etc/apps#
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...