All Apps and Add-ons

Qualys Technology Add-on (TA) for Splunk: Why is the Qualys knowledge base input generating error "msg="A script exited abnormally""?

responsys_cm
Builder

We've installed the Qualys Technology Add-on (TA) for Splunk. I can successfully pull down vulnerability data and the knowledge base.

Every hour, I see the following error message in the console:

msg="A script exited abnormally" input="/opt/splunk/etc/apps/TA-QualysCloudPlatform/bin/qualys.py" stanza="qualys://knowledge_base" status="exited with code 1"

I don't understand why it is happening every hour since the inputs.conf stanza has the script running every day at 1 am:

[qualys://knowledge_base]
duration = 0 1 * * *
index = vulnerabilities
start_date = 1999-01-01T00:00:00Z
disabled = 0
0 Karma

bmorgenthaler
Path Finder

Digging up an old thread to comment on a fix because I just ran into this.  If you look at the code in `qualys.py` it's asking for a duration between checks in seconds.

So enter your time in seconds, i.e. `86400` instead of `24h` or `0 0 * * *`

0 Karma

DalJeanis
SplunkTrust
SplunkTrust

I can't get to the Qualys documentation without downloading the app, but I think if you review the definition of the duration parameter, you may find that second parameter is causing it to launch every 1 hour. I'd be surprised if a parameter called "duration" was specifying a particular hour of the day, in a format without a colon (1:00).

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...