- Splunk Answers
- :
- Splunk Administration
- :
- Security
- :
- Security Center v5.5.1: Error - Failed to ndex dat...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Security Center v5.5.1: Error - Failed to ndex data
Good Day
SecurityCenter v5.5.1 (on Tenable Appliance 4.6.1) and Tenable TA Nessus 5.1.1
After creating the "tenable_sc_inputs.cont" and "tenable_sc_servers.conf" I am getting this error in my TA_Nessus_sc.log. Any ideas what might be causing this?
2017-09-12 00:35:37,986 +0000 log_level=ERROR, pid=11404, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Security Center" data="sc_vulnerability" server="myservername.fqdn"] Failed to index data
Traceback (most recent call last):
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\splunktaucclib\data_collection\ta_data_collector.py", line 115, in index_data
self._do_safe_index()
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\splunktaucclib\data_collection\ta_data_collector.py", line 148, in _do_safe_index
self._client = self._create_data_client()
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\splunktaucclib\data_collection\ta_data_collector.py", line 95, in _create_data_client
self._checkpoint_manager)
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\splunktaucclib\data_collection\ta_data_client.py", line 55, in __init__
self._ckpt)
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\ta_tenable_sc_data_collector.py", line 18, in do_job_one_time
return _do_job_one_time(all_conf_contents, task_config, ckpt)
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\ta_tenable_sc_data_collector.py", line 24, in _do_job_one_time
server_info = _get_server_info(all_conf_contents, task_config)
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\ta_tenable_sc_data_collector.py", line 98, in _get_server_info
return global_config[consts.servers][server_name]
KeyError: u'myservername.fqdn'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think I might have found the issue, I just need to test further to confirm but login into the api of Security Center in Nessus shows that the user i'm trying to pull scan data with does NOT have anything in "My Scans" nor the "All Scans" directory. I will try to generate some scan with this user later and update my findings but I believe this is it, scans are context sensitive per user.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry to ask a question like 20 years later...
Did you ever get it to work?
What was the fix?
Was it permissions?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It was a Nessus user context "thing". The user in Nessus I was using had zero scans. When I used an account that we were using for scans, the "All Scans" section of the ui had actual scans to pull down via the TA, then was g2g after that.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm seeing this error also in my test box and prod, I think our tenable instance is 6.11 and the addon version also 5.1.1 where were seeing this exact code_line_no=118 error in the same python module.
Additionally seeing the same problem on rhel6 and rhel7 based hosts.
Introducing the 2024 SplunkTrust!
Introducing the 2024 Splunk MVPs!
Splunk Custom Visualizations App End of Life
