We've installed the Qualys Technology Add-on (TA) for Splunk. I can successfully pull down vulnerability data and the knowledge base.
Every hour, I see the following error message in the console:
msg="A script exited abnormally" input="/opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py" stanza="qualys://knowledge_base" status="exited with code 1"
I don't understand why it is happening every hour since the inputs.conf stanza has the script running every day at 1 am:
[qualys://knowledge_base]
duration = 0 1 * * *
index = vulnerabilities
start_date = 1999-01-01T00:00:00Z
disabled = 0
Digging up an old thread to comment on a fix because I just ran into this. If you look at the code in `qualys.py` it's asking for a duration between checks in seconds.
So enter your time in seconds, i.e. `86400` instead of `24h` or `0 0 * * *`
I can't get to the Qualys documentation without downloading the app, but I think if you review the definition of the duration parameter, you may find that second parameter is causing it to launch every 1 hour. I'd be surprised if a parameter called "duration" was specifying a particular hour of the day, in a format without a colon (1:00).