Hi, I have a configuration problem with the Splunk_TA_nessus and Splunk, and running in debug gives me the following:
Checking filesystem compatibility... Done
Checking conf files for problems...
Invalid key in stanza [default] in /root/splunk/etc/apps/Splunk_TA_nessus/local/inputs.conf, line 1: srcdir (value: /root/splunk/etc/apps/Splunk_TA_nessus/spool/)
Invalid key in stanza [default] in /root/splunk/etc/apps/Splunk_TA_nessus/local/inputs.conf, line 2: tgtdir (value: $SPLUNK_HOME/var/spool/splunk)
Your indexes and inputs configurations are not internally consistent. For more information, run 'splunk btool check --debug'
Done
Hi junior87,
looking at the inputs.conf of this app it says:
## EXAMPLE Nessus scripted input using user-defined directories, full paths
#
# Purpose:
#
# Converts .nessus format files (v1 or v2) to a Splunk-indexable format,
# using the following directories as source and target:
#
# srcdir = /opt/nessus/incoming
# tgtdir = /opt/nessus/parsed
#
# WARNING: This is only an example.
#
# To utilize this input as shown, a Splunk "monitor" stanza would also need
# to be configured to index parsed output files from the custom directory
# The configuration of the "monitor" stanza would need to be similar to
# the configuration used for the default Splunk spool directory.
# For instance:
#
# [batch://<path_to_custom_spool_directory>]
# move_policy = sinkhole
# crcSalt = <SOURCE>
This means use neither srcdir nor tgtdir, but set up a Splunk input monitor like in the [batch: ...] example, or use the scripted input like this:
[script://./bin/nessus2splunk.py -s /opt/nessus/incoming -t /opt/nessus/parsed]
disabled = false
interval = 120
index = _internal
source = nessus2splunk
sourcetype = nessus2splunk
where -s is the source path and -t is the target path for the script. The target path will be monitored in Splunk.
Hope this helps to get you started ...
cheers, MuS
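The fix described in the answer above, put together as one local/inputs.conf. This is an added example, not part of the original thread and not the add-on's shipped configuration. The /opt/nessus paths are the ones from the add-on's example comment and are assumptions to adjust for your environment.

```ini
# local/inputs.conf for Splunk_TA_nessus (added example)

# BEFORE (reconstructed from the btool errors in the question): the two keys
# sat on lines 1 and 2, ahead of any stanza header, so Splunk read them as
# part of [default], where srcdir and tgtdir are not valid settings.
#
# srcdir = /root/splunk/etc/apps/Splunk_TA_nessus/spool/
# tgtdir = $SPLUNK_HOME/var/spool/splunk

# AFTER: the directories are passed to the conversion script as its
# -s (source) and -t (target) arguments instead of as conf keys.
[script://./bin/nessus2splunk.py -s /opt/nessus/incoming -t /opt/nessus/parsed]
disabled = false
interval = 120
index = _internal
source = nessus2splunk
sourcetype = nessus2splunk

# Because -t points at a custom directory rather than the default Splunk
# spool directory, the parsed output needs its own input stanza.
# move_policy = sinkhole deletes each file once it has been indexed, so this
# stanza must point only at the parsed-output directory, never at the
# directory that holds the original .nessus scan files.
[batch:///opt/nessus/parsed]
move_policy = sinkhole
crcSalt = <SOURCE>
```

After editing, 'splunk btool check --debug' (the command named in the startup output) should no longer report the two invalid keys.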
thank you
I fixed the error but not splunk_ta_nessus makes me view data
The Add-on will not provide any view, it 'only' provides the inputs and CIM-compatible knowledge to use Nessus data with other Splunk apps, such as Splunk App for Enterprise Security and Splunk App for PCI Compliance.
FYI, there are now pre-built panels in the Add-on, so you can add a dashboard and select from those to get some reports.