Im using Splunk 6.1.3 and Nessus TA 3.0.2 in a new environment (UBUNTU 64bits).
When I try to import/parse nessus v2 data the python script is not working.
$SPLUNK_HOME/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s INPUT -t OUTPUT
I did succesfully the same thing in the past.
Here is the output:
opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 3: $'\r\nCopyright (C) 2009-2012 Splunk Inc. All Rights Reserved.\r\n\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 5: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 6: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 7: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 8: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 9: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 10: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 11: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 12: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 13: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 14: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 15: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 16: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 17: $'\r': command not found
from: can't read /var/mail/splunk.appserver.mrsparkle.lib.util
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 19: $'\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 21: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 22: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 23: $'\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 24: $'\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 25: syntax error near unexpected token ('
class PathType(object):
'opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 25:
In your first example, you're getting command not found because you are running the python script using the shell, not python. You haven't shown how you are running it so I'm not sure what's going wrong, and I'm not familiar enough with the app to guess how it is intended to be invoked.
In your first comment, you appear to be running a python script which expects to run in the Splunk environment, using splunk modules. However, it is being invoked with (presumably) the system python and certainly without the PYTHONPATH. Please try /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py ...
although I'm still not familiar enough with the app to know if that will produce the desired results.
In the second comment, it seems you have the script set up as a scripted input. It is complaining that /opt/nessus/input does not exist. Does it? The error message's guess that $SPLUNK_HOME
may not be set is implausible here, as splunkd will set $SPLUNK_HOME
before launching the script.
In your first example, you're getting command not found because you are running the python script using the shell, not python. You haven't shown how you are running it so I'm not sure what's going wrong, and I'm not familiar enough with the app to guess how it is intended to be invoked.
In your first comment, you appear to be running a python script which expects to run in the Splunk environment, using splunk modules. However, it is being invoked with (presumably) the system python and certainly without the PYTHONPATH. Please try /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py ...
although I'm still not familiar enough with the app to know if that will produce the desired results.
In the second comment, it seems you have the script set up as a scripted input. It is complaining that /opt/nessus/input does not exist. Does it? The error message's guess that $SPLUNK_HOME
may not be set is implausible here, as splunkd will set $SPLUNK_HOME
before launching the script.
10/27/14
7:14:36.290 PM
10-27-2014 19:14:36.290 -0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s /opt/nessus/input -t /opt/nessus/output" nessus2splunk.py: error: argument -s/--srcdir: Invalid path specified ($SPLUNK_HOME may not be set).
10/27/14
7:14:36.290 PM
10-27-2014 19:14:36.290 -0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s /opt/nessus/input -t /opt/nessus/output" nessus2splunk.py: error: argument -s/--srcdir: Invalid path specified ($SPLUNK_HOME may not be set).
root@ubuntu:/opt/splunk/etc/apps# python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s /opt/nessus/input -t /opt/nessus/output
Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py", line 18, in <module>
from splunk.appserver.mrsparkle.lib.util import make_splunkhome_path
ImportError: No module named splunk.appserver.mrsparkle.lib.util
root@ubuntu:/opt/splunk/etc/apps#