Hallo,
by executing the following command, i receive an error, timeframe of report generation does not matter:
/opt/splunk/bin/splunk cmd python "/opt/splunk/etc/apps/te/bin/tripwire.py" -s "" -u "user" -p "passphrase" report -T "DCR" -t detailedchanges_rpt -P BooleanCriterion,currentVersionsOnly,false,displayUsers,true,displayCriteriaAtEnd,true:RelativeTimeRangeCriterion,1,hour,"In the last 1 hour" -F CSV -o "/opt/teexports/FIM/tmp/DCR.csv"
I have no idea how i should interpret the return code:
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" raise BadStatusLine(line)
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" httplib.BadStatusLine: ''
Any idea/hints/tips where to look into that to fix the error?
sincerely oliver
Logs from /opt/splunk/var/log/splunk/splunkd.log:
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" Traceback (most recent call last):
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 539, in
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" main()
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 57, in main
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" xml = client.report(args.title, args.type, params)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 500, in report
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" return self._attachment(self._do_soap('report', args, parseresult=False))
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire.py", line 385, in _do_soap
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" s = self._opener.open(req)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 404, in open
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" response = self._open(req, data)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 422, in _open
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" '_open', req)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 382, in _call_chain
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" result = func(*args)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 1222, in https_open
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" return self.do_open(httplib.HTTPSConnection, req)
02-27-2015 02:45:16.834 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/urllib2.py", line 1187, in do_open
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" r = h.getresponse(buffering=True)
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/httplib.py", line 1067, in getresponse
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" response.begin()
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/httplib.py", line 409, in begin
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" version, status, reason = self._read_status()
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/httplib.py", line 373, in _read_status
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" raise BadStatusLine(line)
02-27-2015 02:45:16.835 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" httplib.BadStatusLine: ''
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" Traceback (most recent call last):
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire_fim.py", line 147, in
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" main()
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/etc/apps/te/bin/tripwire_fim.py", line 136, in main
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" subprocess.check_call(cmd, shell=True)
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" File "/opt/splunk/lib/python2.7/subprocess.py", line 540, in check_call
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" raise CalledProcessError(retcode, cmd)
02-27-2015 02:45:16.841 +0100 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/te/bin/tripwire_fim.py" subprocess.CalledProcessError: Command '/opt/splunk/bin/splunk cmd python "/opt/splunk/etc/apps/te/bin/tripwire.py" -s "" -u "user" -p "passphrase" report -T "DCR" -t detailedchanges_rpt -P BooleanCriterion,currentVersionsOnly,false,displayUsers,true,displayCriteriaAtEnd,true:RelativeTimeRangeCriterion,1,hour,"In the last 1 hour" -F CSV -o "/opt/teexports/FIM/tmp/DCR.csv"' returned non-zero exit status 1
Hallo,
i found the "Troublemaker" :).
The error occures by communicating over a proxy server (mcaffee gateway), by exkluding the proxy and do the request with a direct connection, the script works well.
@excluding proxy (fast work around):
therefor i changed the /opt/splunk/etc/apps/te/bin/tripwire.py script the following way:
in class soap_client(object) -> methode (constructor) def init(self, server, username, password) i changed
if SSL_ABILITY:
self._opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj), urllib2.HTTPSHandler(context=sslcontext))
else:
self._opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
to
if SSL_ABILITY:
self._opener = urllib2.build_opener(urllib2.ProxyHandler({}), urllib2.HTTPCookieProcessor(cj), urllib2.HTTPSHandler(context=sslcontext))
else:
self._opener = urllib2.build_opener(urllib2.ProxyHandler({}), urllib2.HTTPCookieProcessor(cj))
sincerely oliver
note: now i try to find a way to avoid that error by using the mcaffee proxy, when finished i will leave a note ...
command errata:
/opt/splunk/bin/splunk cmd python "/opt/splunk/etc/apps/te/bin/tripwire.py" -s "server as ip" -u "user" -p "passphrase" report -T "DCR" -t detailedchanges_rpt -P BooleanCriterion,currentVersionsOnly,false,displayUsers,true,displayCriteriaAtEnd,true:RelativeTimeRangeCriterion,1,hour,"In the last 1 hour" -F CSV -o "/opt/teexports/FIM/tmp/DCR.csv"