All Apps and Add-ons

what is tripwire app httplib.BadStatusLine: '' error

oHable
Explorer

Hallo,

by executing the following command, i receive an error, timeframe of report generation does not matter:

/opt/splunk/bin/splunk cmd python "/opt/splunk/etc/apps/te/bin/tripwire.py" -s "" -u "user" -p "passphrase" report -T "DCR" -t detailedchanges_rpt -P BooleanCriterion,currentVersionsOnly,false,displayUsers,true,displayCriteriaAtEnd,true:RelativeTimeRangeCriterion,1,hour,"In the last 1 hour" -F CSV -o "/opt/teexports/FIM/tmp/DCR.csv"

I have no idea how i should interpret the return code:
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" raise BadStatusLine(line)
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" httplib.BadStatusLine: ''

Any idea/hints/tips where to look into that to fix the error?

sincerely oliver

Logs from /opt/splunk/var/log/splunk/splunkd.log:
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" Traceback (most recent call last):
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 539, in
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" main()
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 57, in main
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" xml = client.report(args.title, args.type, params)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 500, in report
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" return self._attachment(self._do_soap('report', args, parseresult=False))
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 385, in _do_soap
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" s = self._opener.open(req)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 404, in open
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" response = self._open(req, data)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 422, in _open
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" '_open', req)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 382, in _call_chain
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" result = func(*args)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 1222, in https_open
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" return self.do_open(httplib.HTTPSConnection, req)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 1187, in do_open
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" r = h.getresponse(buffering=True)
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/httplib.py", line 1067, in getresponse
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" response.begin()
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/httplib.py", line 409, in begin
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" version, status, reason = self._read_status()
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/httplib.py", line 373, in _read_status
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" raise BadStatusLine(line)
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" httplib.BadStatusLine: ''
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" Traceback (most recent call last):
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire_fim.py", line 147, in
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" main()
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire_fim.py", line 136, in main
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" subprocess.check_call(cmd, shell=True)
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/subprocess.py", line 540, in check_call
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" raise CalledProcessError(retcode, cmd)
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" subprocess.CalledProcessError: Command '/opt/splunk/bin/splunk cmd python "/opt/splunk/etc/apps/te/bin/tripwire.py" -s "" -u "user" -p "passphrase" report -T "DCR" -t detailedchanges_rpt -P BooleanCriterion,currentVersionsOnly,false,displayUsers,true,displayCriteriaAtEnd,true:RelativeTimeRangeCriterion,1,hour,"In the last 1 hour" -F CSV -o "/opt/teexports/FIM/tmp/DCR.csv"' returned non-zero exit status 1

Tags (1)
0 Karma

oHable
Explorer

Hallo,
i found the "Troublemaker" :).
The error occures by communicating over a proxy server (mcaffee gateway), by exkluding the proxy and do the request with a direct connection, the script works well.

@excluding proxy (fast work around):
therefor i changed the /opt/splunk/etc/apps/te/bin/tripwire.py script the following way:

in class soap_client(object) -> methode (constructor) def init(self, server, username, password) i changed

  if SSL_ABILITY:
        self._opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj), urllib2.HTTPSHandler(context=sslcontext))
    else:
        self._opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))

to

   if SSL_ABILITY:
        self._opener = urllib2.build_opener(urllib2.ProxyHandler({}), urllib2.HTTPCookieProcessor(cj), urllib2.HTTPSHandler(context=sslcontext))
    else:
        self._opener = urllib2.build_opener(urllib2.ProxyHandler({}), urllib2.HTTPCookieProcessor(cj))

sincerely oliver

note: now i try to find a way to avoid that error by using the mcaffee proxy, when finished i will leave a note ...

0 Karma

oHable
Explorer

command errata:

/opt/splunk/bin/splunk cmd python "/opt/splunk/etc/apps/te/bin/tripwire.py" -s "server as ip" -u "user" -p "passphrase" report -T "DCR" -t detailedchanges_rpt -P BooleanCriterion,currentVersionsOnly,false,displayUsers,true,displayCriteriaAtEnd,true:RelativeTimeRangeCriterion,1,hour,"In the last 1 hour" -F CSV -o "/opt/teexports/FIM/tmp/DCR.csv"

-s parameter was removed by posting my question ...

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...