- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Increase Timeout for Querying Nessus Scan Data
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Increase Timeout for Querying Nessus Scan Data
I have Splunk configured to pull data from a Nessus Professional instance and for the most part it works fine but I noticed several recent scan reports weren't showing up. After some investigating, there were errors like the following during each pull attempt (every 12 hours):
2019-01-07 07:44:06,351 ERROR pid=9520 tid=MainThread file=nessus_rest_client.py:request:100 | Failed to connect https://<splunk server>/scans/166, reason=Traceback (most recent call last):
File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\nessus_rest_client.py", line 80, in request
headers=headers)
File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "E:\splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "E:\splunk\Python-2.7\Lib\httplib.py", line 1121, in getresponse
response.begin()
File "E:\splunk\Python-2.7\Lib\httplib.py", line 438, in begin
version, status, reason = self._read_status()
File "E:\splunk\Python-2.7\Lib\httplib.py", line 394, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "E:\splunk\Python-2.7\Lib\socket.py", line 480, in readline
data = self._sock.recv(self._rbufsize)
File "E:\splunk\Python-2.7\Lib\ssl.py", line 772, in recv
return self.read(buflen)
File "E:\splunk\Python-2.7\Lib\ssl.py", line 659, in read
v = self._sslobj.read(len)
SSLError: ('The read operation timed out',)
I noted that over the past few weeks the same scan numbers were showing up repeatedly and checking in Nessus, these are indeed the missing scan reports. These happen to be the largest scan results so I suspect the time out is just that the Nessus server isn't responding fast enough and the Splunk app closes the connection.
Is there a way to increase the read timeout for this situation?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm getting the same error while pulling the data from SNOW.Is there any way to fix it ?
error :-
2020-01-20 10:01:48,435 ERROR pid=124003 tid=Thread-1 file=snow_data_loader.py:do_collect:177 | Failure occurred while connecting to https://roche.service-now.com/api/now/table/incident?sysparm_display_value=all&sysparm_limit=1000&sy.... The reason for failure=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/snow_data_loader.py", line 169, in _do_collect
"Authorization": "Basic %s" % credentials
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/Splunk_TA_snow/httplib2_helper/httplib2_py2/httplib2/init.py", line 2135, in request
cachekey,
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/Splunk_TA_snow/httplib2_helper/httplib2_py2/httplib2/init.py", line 1796, in _request
conn, request_uri, method, body, headers
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/Splunk_TA_snow/httplib2_helper/httplib2_py2/httplib2/init_.py", line 1737, in _conn_request
response = conn.getresponse()
File "/opt/splunk/lib/python2.7/httplib.py", line 1137, in getresponse
response.begin()
File "/opt/splunk/lib/python2.7/httplib.py", line 448, in begin
version, status, reason = self._read_status()
File "/opt/splunk/lib/python2.7/httplib.py", line 404, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/opt/splunk/lib/python2.7/socket.py", line 480, in readline
data = self._sock.recv(self._rbufsize)
File "/opt/splunk/lib/python2.7/ssl.py", line 772, in recv
return self.read(buflen)
File "/opt/splunk/lib/python2.7/ssl.py", line 659, in read
v = self._sslobj.read(len)
SSLError: ('The read operation timed out',)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This question is over a year old with no activity. You may get a response by posting a new question.
If this reply helps you, Karma would be appreciated.
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
