@echo off rem -- To get rid of cygwin's complaints about DOS style path: set CYGWIN=nodosfilewarning E:\cygwin64\bin\bash.exe "%SPLUNK_HOME%/etc/apps/TA-nessus/bin/update_plugin_lookup.sh" %*
Then the shell script, update_plugin_lookup.sh, is modified to this to work with Cygwin's bash and python:
#!/bin/bash #unset LD_LIBRARY_PATH export PATH="/bin:/usr/bin" cygpath=`which cygpath 2>/dev/null` if [ "$cygpath" != "" ]; then splunk_home=`"$cygpath" "$SPLUNK_HOME"` export SPLUNK_HOME=`"$cygpath" -w "$SPLUNK_HOME"` fi export PATH="$PATH:$splunk_home/bin" #cd $( dirname "${BASH_SOURCE[0]}" ) || cd "$splunk_home/etc/apps/TA-nessus/bin" cd "$splunk_home/etc/apps/TA-nessus/bin" ./update_plugin_lookup.py $*
The problem is, on a Windows 2012R2 server running a Splunk search head, the scripted input running the update_plugin_lookup.bat command only generates a line in the splunkd.log file that reads:
09-23-2014 04:15:00.013 -0400 ERROR ExecProcessor - Couldn't start command "E:\Splunk\etc\apps\TA-nessus\bin\update_plugin_lookup.bat": The operation completed successfully.
I checked file permissions for the local SYSTEM account on the 2012 server, as I suspected that may be a factor. But that did not seem to be the issue.
I have downloaded the PsTools from SysInternals and manually run the batch command as the local SYSTEM user. That worked without a hitch.
I am at a lost of ideas to try at this point, so I am going to post this to Splunk Answers and other forums to beg for help.
[Edit - Problem resolved] : This turned out to be a file permission issue, after all. I thought I did grant executable permission to local SYSTEM on the 2012R2 server. But I did not succeed in doing that. Then because I was able to run the batch command file as local SYSTEM with the help of PsExec, I let the suspicion slip out of my mind.
No comments:
Post a Comment