All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Add-on for Nessus: Why am I getting "command not found" python errors when I try to import nessus v2 data?

pedromvieira
Communicator
‎10-27-2014 11:38 AM

Im using Splunk 6.1.3 and Nessus TA 3.0.2 in a new environment (UBUNTU 64bits).
When I try to import/parse nessus v2 data the python script is not working.

$SPLUNK_HOME/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s INPUT -t OUTPUT

I did succesfully the same thing in the past.

Here is the output:
opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 3: $'\r\nCopyright (C) 2009-2012 Splunk Inc. All Rights Reserved.\r\n\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 5: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 6: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 7: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 8: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 9: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 10: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 11: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 12: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 13: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 14: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 15: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 16: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 17: $'\r': command not found
from: can't read /var/mail/splunk.appserver.mrsparkle.lib.util
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 19: $'\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 21: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 22: import: command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 23: $'\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 24: $'\r': command not found
/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 25: syntax error near unexpected token ('
'opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py: line 25:class PathType(object):

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jrodman
Splunk Employee
Splunk Employee
‎10-27-2014 03:03 PM

In your first example, you're getting command not found because you are running the python script using the shell, not python. You haven't shown how you are running it so I'm not sure what's going wrong, and I'm not familiar enough with the app to guess how it is intended to be invoked.

In your first comment, you appear to be running a python script which expects to run in the Splunk environment, using splunk modules. However, it is being invoked with (presumably) the system python and certainly without the PYTHONPATH. Please try /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py ... although I'm still not familiar enough with the app to know if that will produce the desired results.

In the second comment, it seems you have the script set up as a scripted input. It is complaining that /opt/nessus/input does not exist. Does it? The error message's guess that $SPLUNK_HOME may not be set is implausible here, as splunkd will set $SPLUNK_HOME before launching the script.

View solution in original post

Reply
Solved! Jump to solution
Solution

jrodman
Splunk Employee
Splunk Employee
‎10-27-2014 03:03 PM

In your first example, you're getting command not found because you are running the python script using the shell, not python. You haven't shown how you are running it so I'm not sure what's going wrong, and I'm not familiar enough with the app to guess how it is intended to be invoked.

In your first comment, you appear to be running a python script which expects to run in the Splunk environment, using splunk modules. However, it is being invoked with (presumably) the system python and certainly without the PYTHONPATH. Please try /opt/splunk/bin/splunk cmd python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py ... although I'm still not familiar enough with the app to know if that will produce the desired results.

In the second comment, it seems you have the script set up as a scripted input. It is complaining that /opt/nessus/input does not exist. Does it? The error message's guess that $SPLUNK_HOME may not be set is implausible here, as splunkd will set $SPLUNK_HOME before launching the script.

Reply
Solved! Jump to solution

pedromvieira
Communicator
‎10-27-2014 02:15 PM 
    10/27/14
7:14:36.290 PM  
10-27-2014 19:14:36.290 -0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s /opt/nessus/input -t /opt/nessus/output" nessus2splunk.py: error: argument -s/--srcdir: Invalid path specified ($SPLUNK_HOME may not be set).

    10/27/14
7:14:36.290 PM  
10-27-2014 19:14:36.290 -0200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s /opt/nessus/input -t /opt/nessus/output" nessus2splunk.py: error: argument -s/--srcdir: Invalid path specified ($SPLUNK_HOME may not be set).
0 Karma
Reply
Solved! Jump to solution

pedromvieira
Communicator
‎10-27-2014 01:57 PM 
root@ubuntu:/opt/splunk/etc/apps# python /opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py -s /opt/nessus/input -t /opt/nessus/output
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py", line 18, in <module>
    from splunk.appserver.mrsparkle.lib.util import make_splunkhome_path
ImportError: No module named splunk.appserver.mrsparkle.lib.util
root@ubuntu:/opt/splunk/etc/apps#
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...