Why am I not retrieving scan data, only plugin data?

msketteran
New Member

I am retrieving plugin data just fine. However, at the same time I am not receiving any scan data. I found the following error log entry:

2016-07-25 09:39:44,912 ERROR pid=35903 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://xxx.xxx.xxx.xxx:8834/scans/194, reason=Traceback (most recent call last):
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/Applications/Splunk/lib/python2.7/httplib.py", line 1136, in getresponse
response.begin()
File "/Applications/Splunk/lib/python2.7/httplib.py", line 453, in begin
version, status, reason = self._read_status()
File "/Applications/Splunk/lib/python2.7/httplib.py", line 409, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/Applications/Splunk/lib/python2.7/socket.py", line 480, in readline
data = self._sock.recv(self._rbufsize)
File "/Applications/Splunk/lib/python2.7/ssl.py", line 734, in recv
return self.read(buflen)
File "/Applications/Splunk/lib/python2.7/ssl.py", line 621, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)

0 Karma
1 Solution

rwang_splunk
Splunk Employee

Hi msketteran,

Try the following command in a console to check whether it is a network problem.
curl -k -H "Accept: application/json" -H "Content-Type: application/json" -H "X-ApiKeys: accessKey=YOUR ACCESSKEY; secretKey=YOUR SECRET KEY" -X GET https://xxx.xxx.xxx.xxx:8834/scans/194
If you cannot connect successfully, check the network configuration. Otherwise, it might be a bug related to this add-on; you can file a customer ticket and we can investigate further.
Thanks.

0 Karma

aosso
Path Finder

Did you configure a proxy for the add-on to get plugin information?

If so, it will also try to connect to the Nessus instance via that proxy. If the Nessus interface is not reachable through that proxy, then it will fail to connect.

0 Karma

msketteran
New Member

Tried the curl command and retrieved the scan just fine. I'll look into filing a ticket.

0 Karma

kurthin
New Member

I have this same issue and also get results from this command with no errors.

0 Karma
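
Added example, not part of the thread and not the add-on's own code: a triage script for log entries in the format quoted in the question. It uses the traceback frames to separate failures during connection setup (the network and proxy explanations suggested above) from timeouts while waiting for the reply, as in the quoted traceback, where `_conn_request` had already reached `conn.getresponse()`. The sample log, its 192.0.2.10 address, scan ids and shortened tracebacks are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the format of the entry quoted in the question;
# the address, the scan ids and the shortened tracebacks are made up.
SAMPLE_LOG = '''\
2016-07-25 09:39:44,912 ERROR pid=35903 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://192.0.2.10:8834/scans/194, reason=Traceback (most recent call last):
File "httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "httplib.py", line 1136, in getresponse
response.begin()
SSLError: ('The read operation timed out',)
2016-07-25 09:39:45,020 INFO pid=35903 tid=MainThread file=example.py:run:10 | constructed non-error line
2016-07-25 09:41:02,118 ERROR pid=35903 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://192.0.2.10:8834/scans/201, reason=Traceback (most recent call last):
File "httplib2/__init__.py", line 1090, in connect
error: [Errno 61] Connection refused
'''

TS = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+ ")
HEADER = re.compile(r"ERROR .*\| Failed to connect (\S+), reason=")
FRAME = re.compile(r'File "[^"]+", line \d+, in (\w+)')

def parse_failures(text):
    """One record per 'Failed to connect' entry, with its traceback lines."""
    records, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if TS.match(line):                    # a new log entry starts here
            m = HEADER.search(line)
            current = {"url": m.group(1), "frames": [], "error": ""} if m else None
            records += [current] if m else []
        elif current is not None and line:
            f = FRAME.match(line)
            if f:
                current["frames"].append(f.group(1))
            else:
                current["error"] = line       # the last such line is the exception
    return records

def classify(record):
    """Return (endpoint, phase, exception type) for one failure record."""
    endpoint = urlsplit(record["url"]).path.strip("/").split("/")[0]
    phase = ("waiting-for-response" if "getresponse" in record["frames"]  # request sent, no reply in time
             else "connecting" if "connect" in record["frames"]           # TCP/TLS setup failed
             else "unknown")
    return endpoint, phase, record["error"].split(":", 1)[0]

def summarize(text):
    return Counter(classify(r) for r in parse_failures(text))
```

A `waiting-for-response` record means the connection was established and the request sent, so it points at the server's response time against the client's read timeout rather than at routing or a proxy. curl run without `--max-time` waits indefinitely for the reply, so it can succeed where a client with a shorter read timeout does not.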
