Incapsula API script error

robwheeler
Engager

Hi,

Anyone who has used the Incapsula API script that is available from "https://github.com/Incapsula/logs-downloader"

Have you had any issues getting it running? I'm not able to execute the script.

I've followed the instructions, installed the required packages but still no luck. I've validated that the default directories are there and accessible.

Traceback (most recent call last):
  File "/incapsula_download/script/LogsDownloader.py", line 586, in <module>
    logsDownloader = LogsDownloader(path_to_config_folder, path_to_system_logs_folder, system_logs_level)
  File "/incapsula_download/script/LogsDownloader.py", line 109, in __init__
    os.makedirs(self.config.PROCESS_DIR)
  File "/usr/lib64/python2.6/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 2] No such file or directory: ''

Any help would be great.

Regards

Rob

0 Karma

jfeitosa_real
Path Finder

I'm having trouble understanding how to integrate Incapsula with Splunk.
How to use the logs-downloader script? Do I have to download and use Splunk?

Thanks in advance.

James

0 Karma

mgast
Explorer

Where do you have your PROCESS_DIR in Settings.Config?

I have mine going to

PROCESS_DIR=/tmp/processed/

Make sure that you are running it as a user with access to the directory. I created the directory since the script seems to have troubles creating directories for the python script to push to.

0 Karma
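A pre-flight check for the failure discussed in this thread, added here as an example (it is not code from the logs-downloader project or from any poster): it reads `PROCESS_DIR` from a `Settings.Config`-style file and reports an empty value, a missing directory, a directory the running user cannot write to, or one that is world-writable. The `KEY=VALUE` layout is taken from the line quoted above; the function names, the `[SETTINGS]` header and the sample files are assumptions constructed for the demo.

```python
import os
import stat
import tempfile

def read_settings(path):
    """Parse KEY=VALUE lines; section headers, comments and blanks are skipped."""
    settings = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if not line or line[0] in "#;[" or "=" not in line:
                continue
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def check_dir_setting(settings, key="PROCESS_DIR"):
    """Return a list of problems for one directory setting (empty list = OK)."""
    value = settings.get(key, "")
    if not value:
        # An empty value is what makes os.makedirs('') raise Errno 2 on ''.
        return ["%s is missing or empty" % key]
    if not os.path.isdir(value):
        return ["%s=%s does not exist or is not a directory" % (key, value)]
    problems = []
    if not os.access(value, os.W_OK | os.X_OK):
        problems.append("%s=%s is not writable by uid %d" % (key, value, os.geteuid()))
    if stat.S_IMODE(os.stat(value).st_mode) & stat.S_IWOTH:
        problems.append("%s=%s is world-writable" % (key, value))
    return problems

def demo():
    """Constructed sample: one config with an empty value, one with a valid directory."""
    workdir = tempfile.mkdtemp()
    good = os.path.join(workdir, "processed")
    os.mkdir(good, 0o750)
    results = {}
    for name, value in (("empty", ""), ("good", good + "/")):
        cfg = os.path.join(workdir, name + ".Config")
        with open(cfg, "w") as fh:
            # [SETTINGS] header is assumed for the sample; the parser skips it.
            fh.write("[SETTINGS]\nPROCESS_DIR=%s\n" % value)
        results[name] = check_dir_setting(read_settings(cfg))
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "OK")
```

Run it as the same user that will run the downloader, since the writability check uses the effective UID of the calling process.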

robwheeler
Engager

Good spot, missed that one completely.

I've executed the script now -

No handlers could be found for logger "logsDownloader"
script/LogsDownloader.py:130: DeprecationWarning: BaseException.message has been deprecated as of Python 2.6
  self.logger.error("Failed to downloading index file and starting to download all the log files in it - %s, %s", e.message, traceback.format_exc())

That's the current message, do I assume from this that it is doing something?

0 Karma

mgast
Explorer

I run mine with:
sudo nohup /etc/incapsula/logs/config/LogsDownloader.py &
Then I tail the nohup.out and see what it is currently doing.

It works fairly quickly, so if you look in your process dir you should see log files there to ingest into Splunk.

0 Karma

robwheeler
Engager

Final bit, did you have to set up the keys to get it to work or can it work without?

I think all my config is not correct but I'm not seeing any logs.

0 Karma

mgast
Explorer

I did change to keys but I have had the same config working without keys as well.
Did you install M2Crypto and loggerglue?
What version of Linux are you installing this on?

0 Karma

robwheeler
Engager

Hey, yes, installed both packages as mentioned.

Running RHEL 6.8.

Still not seeing any logs; the last line seen when executing the script is:

self.logger.error("Failed to downloading index file and starting to download all the log files in it - %s, %s", e.message, traceback.format_exc())

0 Karma

mgast
Explorer

Were you able to get the logs downloaded?

0 Karma