
Qualys Technology Add-on (TA) for Splunk: Why is the Qualys knowledge base input generating error "msg="A script exited abnormally""?

responsys_cm
Builder

We've installed the Qualys Technology Add-on (TA) for Splunk. I can successfully pull down vulnerability data and the knowledge base.

Every hour, I see the following error message in the console:

```
msg="A script exited abnormally" input="/opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py" stanza="qualys://knowledge_base" status="exited with code 1"
```

I don't understand why it is happening every hour since the inputs.conf stanza has the script running every day at 1 am:

```
[qualys://knowledge_base]
duration = 0 1 * * *
index = vulnerabilities
start_date = 1999-01-01T00:00:00Z
disabled = 0
```

0 Karma

bmorgenthaler
Path Finder

Digging up an old thread to comment on a fix because I just ran into this. If you look at the code in `qualys.py`, it's asking for a duration between checks in seconds.

So enter your time in seconds, i.e. `86400` instead of `24h` or `0 0 * * *`

0 Karma
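An added example, not part of the original thread and not the TA's own code: a small check that scans an `inputs.conf` for `qualys://` stanzas whose `duration` is not a plain number of seconds, so a misconfigured feed is caught before it quietly stops updating. It assumes, as the answer above states, that `duration` must be an integer number of seconds; the sample file is constructed and the `example_a` / `example_b` stanza names are hypothetical.

```python
import configparser
import re

# Constructed sample: the stanza from the question plus two hypothetical stanzas.
SAMPLE_INPUTS_CONF = """\
[qualys://knowledge_base]
duration = 0 1 * * *
index = vulnerabilities
start_date = 1999-01-01T00:00:00Z
disabled = 0

[qualys://example_a]
duration = 24h

[qualys://example_b]
duration = 86400
"""

def classify_duration(value):
    """Label a duration value; only a plain integer (seconds) is 'ok'."""
    v = value.strip()
    if re.fullmatch(r"\d+", v):
        return "ok"
    if len(v.split()) == 5:
        return "cron-like"
    if re.fullmatch(r"\d+\s*[smhd]", v, re.IGNORECASE):
        return "unit-suffix"
    return "not-a-number"

def check_inputs(conf_text, scheme="qualys://"):
    """Return (stanza, raw_value, verdict) for each suspicious duration."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key case as written
    parser.read_string(conf_text)
    findings = []
    for stanza in parser.sections():
        if not stanza.startswith(scheme):
            continue
        if not parser.has_option(stanza, "duration"):
            continue
        raw = parser.get(stanza, "duration")
        verdict = classify_duration(raw)
        if verdict != "ok":
            findings.append((stanza, raw, verdict))
    return findings

if __name__ == "__main__":
    for stanza, raw, verdict in check_inputs(SAMPLE_INPUTS_CONF):
        print(f"[{stanza}] duration = {raw!r}: {verdict}, expected seconds")
```
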

DalJeanis
Legend

I can't get to the Qualys documentation without downloading the app, but I think if you review the definition of the duration parameter, you may find that second parameter is causing it to launch every 1 hour. I'd be surprised if a parameter called "duration" was specifying a particular hour of the day, in a format without a colon (1:00).

0 Karma