Python script for McAfee epo

allan_gacutan
New Member

Hi to all Splunkers,

I'm having a problem getting the data from McAfee ePO to my Splunk indexer server.
Previously this was working; it so happened that one day it stopped capturing the data.

Below is the error message I found from the splunk log:

09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat"" 'import site' failed; use -v for traceback
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat"" Traceback (most recent call last):
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat""   File "D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.py", line 2, in <module>
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat""     import pymssql
09-22-2012 00:42:34.868 +0800 ERROR ExecProcessor - message from ""D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat"" ImportError: No module named pymssql
09-22-2012 00:42:34.868 +0800 INFO  ExecProcessor - Ran script: "D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat", took 190.0 milliseconds to run, 0 bytes read, exited with code 1

Thanks in advance for the help.

0 Karma
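
The ExecProcessor lines quoted in the question can be parsed to spot a scripted input that has stopped collecting, which matters when the input feeds security events such as the McAfee ePO data here. This is an added example, not part of the original thread or of TA-mcafee: the function name `failed_inputs`, the sample text and the `ok.bat` path are constructed, and it assumes a script's stderr lines precede its "Ran script" summary, as in the quoted log.

```python
import re

# Constructed sample in the splunkd.log format quoted in the post above.
BAT = r"D:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.bat"
TS = "09-22-2012 00:42:34.868 +0800"
ERR = f'{TS} ERROR ExecProcessor - message from ""{BAT}"" '
SAMPLE = "\n".join([
    ERR + "'import site' failed; use -v for traceback",
    ERR + "Traceback (most recent call last):",
    ERR + "    import pymssql",
    ERR + "ImportError: No module named pymssql",
    f'{TS} INFO  ExecProcessor - Ran script: "{BAT}", took 190.0 milliseconds'
    " to run, 0 bytes read, exited with code 1",
    # Constructed healthy run (hypothetical script path) for contrast.
    f'{TS} INFO  ExecProcessor - Ran script: "D:\\apps\\ok.bat", took 50.0'
    " milliseconds to run, 512 bytes read, exited with code 0",
])

MSG = re.compile(r'ERROR ExecProcessor - message from "+([^"]+)"+ (.*)$')
RAN = re.compile(r'INFO\s+ExecProcessor - Ran script: "([^"]+)", took [^,]*, '
                 r'(\d+) bytes read, exited with code (-?\d+)')
MISSING = re.compile(r"No module named (\S+)")


def failed_inputs(log_text):
    """Return one finding per scripted-input run that exited non-zero."""
    pending = {}   # script path -> stderr lines seen since its last run summary
    findings = []
    for line in log_text.splitlines():
        m = MSG.search(line)
        if m:
            pending.setdefault(m.group(1), []).append(m.group(2).strip())
            continue
        r = RAN.search(line)
        if not r:
            continue
        script, nbytes, code = r.group(1), int(r.group(2)), int(r.group(3))
        stderr = pending.pop(script, [])
        if code != 0:
            # The last stderr line of a Python traceback names the exception.
            last = stderr[-1] if stderr else None
            missing = MISSING.search(last) if last else None
            findings.append({"script": script, "exit_code": code,
                             "bytes_read": nbytes, "last_error": last,
                             "missing_module": missing.group(1) if missing else None})
    return findings


if __name__ == "__main__":
    for finding in failed_inputs(SAMPLE):
        print(finding)
```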

jcoates_splunk
Splunk Employee

I am pleased to announce that we've just released an add-on that can help you with this (using DB Connect instead of Python): http://apps.splunk.com/app/1819/

0 Karma

alexoldman
Explorer

I have the same problem with Splunk 4.3.4 and ES 2.0 on the TA-mcafee, on a Windows platform. I am just setting this up, nothing is broken, but it's not working.

I only have the Python that comes with Splunk at c:\program files\splunk\bin\python.exe

I have modified mcafee_epo.bat to refer to the location of python.exe


@echo off
"C:\Program Files\Splunk\bin\python.exe" "C:\Program Files\Splunk\etc\apps\TA-mcafee\bin\mcafee_epo.py"


I have tried setting pythonhome and pythonpath environment variables to C:\program files\splunk\bin\ but this does not work.

When I run Python -v I see the error:

C:\Program Files\Splunk\bin>python -v
installing zipimport hook
import zipimport # builtin
installed zipimport hook
ImportError: No module named site
clear builtin._
clear sys.path
clear sys.argv
clear sys.ps1
clear sys.ps2
clear sys.exitfunc
clear sys.exc_type
clear sys.exc_value
clear sys.exc_traceback
clear sys.last_type
clear sys.last_value
clear sys.last_traceback
clear sys.path_hooks
clear sys.path_importer_cache
clear sys.meta_path
clear sys.flags
clear sys.float_info
restore sys.stdin
restore sys.stdout
restore sys.stderr
cleanup main
cleanup[1] zipimport
cleanup[1] signal
cleanup[1] exceptions
cleanup[1] _warnings
cleanup sys
cleanup builtin
cleanup ints: 6 unfreed ints
cleanup floats

So, I think this is a Python problem and not a Splunk problem as such.

0 Karma

Lucas_K
Motivator

Python modules/path on the host system have changed?

0 Karma

allan_gacutan
New Member

Hi Lucas,

There were no changes made in the host system.
Correct me if I'm wrong, the host system that you are referring to is the indexer server, right?

0 Karma