AaronSeibert
commented
1 year ago @joserh-git - do you have a true linux box to try running this from? It appears you're running from WSL, which hasn't been tested. This may be a case of line ending differences between Windows and Unix files, case sensitivity, any number of things. The keys are definitely in what you supplied, so I'm not sure why else it would be complaining that the key doesn't exist.
As for the "Couldn't find configuration file" - that's misleading here and should really be "Couldn't parse configuration file" or something more along those lines. The script could clearly find the file, otherwise we wouldn't have gotten in to the options parsing.
DraganBocevski
joeymoore
The Issue Summary When using the SIEM python script, getting various errors. Script was downloading from GitHub https://github.com/imperva/incapsula-logs-downloader
First error indicates it cannot find the configuration Second error indicates it cannot find syslog_proto in Settings
Troubleshooting & Investigation Summary -Verified I am meeting the requirements: jose@T014-174915:/mnt/c/Users/XXXXXX/Desktop/NewSIEM/script$ pip install -r requirements.txt Requirement already satisfied: pycrypto in /home/jose/.local/lib/python3.8/site-packages (from -r requirements.txt (line 1)) (2.6.1) Requirement already satisfied: M2Crypto in /usr/lib/python3/dist-packages (from -r requirements.txt (line 2)) (0.31.0) Requirement already satisfied: urllib3 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (1.25.8)
-Verified I have python3 installed: jose@T014-174915:/mnt/c/Users/XXXXXXX/Desktop/NewSIEM/script$ python3 --version Python 3.8.10
-Downloaded script from GitHub repo: https://github.com/imperva/incapsula-logs-downloader
-Modified settings.config to pertain to my account settings: [SETTINGS] APIID=XXXXX APIKEY=XXXXXXXXXXXXXXXXXXXX SAVE_LOCALLY=YES PROCESS_DIR=/mnt/c/Users/XXXXXX/Desktop/NewSIEM BASEURL=https://logs1.incapsula.com/XXXXXXX/ USEPROXY=NO PROXYSERVER= SYSLOG_ENABLE=NO SYSLOG_ADDRESS= SYSLOG_PORT= SYSLOG_PROTO=TCP USE_CUSTOM_CA_FILE=NO CUSTOM_CA_FILE=
-Verified config file is saved in respective location: jose@T014-174915:/mnt/c/Users/XXXXXX/Desktop/NewSIEM/config$ ls Settings.Config
-Ran the command with -c flag for the config folder path. Here is the output: jose@T014-174915:/mnt/c/Users/XXXXXX/Desktop/NewSIEM/script$ python3 LogsDownloader.py -c /mnt/c/Users/joseraul.hernandez/Desktop/NewSIEM/config 2022-08-30 11:58:06,182 ERROR Exception while getting LogsDownloader config file - Could Not find Configuration file - Traceback (most recent call last): File "/usr/lib/python3.8/configparser.py", line 789, in get value = d[option] File "/usr/lib/python3.8/collections/init.py", line 898, in getitem return self.missing(key) # support subclasses that define missing File "/usr/lib/python3.8/collections/init.py", line 890, in missing raise KeyError(key) KeyError: 'syslog_proto'
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "LogsDownloader.py", line 98, in init self.config = self.config_reader.read() File "LogsDownloader.py", line 554, in read config.SYSLOG_PROTO = os.environ.get('IMPERVA_SYSLOG_PROTO', config_parser.get('SETTINGS','SYSLOG_PROTO')) File "/usr/lib/python3.8/configparser.py", line 792, in get raise NoOptionError(option, section) configparser.NoOptionError: No option 'syslog_proto' in section: 'SETTINGS'
Could Not find Configuration file
Anyone seen the above errors? I can see syslog_proto in the settings.config. I also ran the command to point to configuration file, as well as hard set it in the script with no luck.
Thank you in advance.