jorritfolmer / TA-dmarc

Add-on for ingesting DMARC aggregate reports into Splunk
https://splunkbase.splunk.com/app/3752

Windows file path issue when saving collected messages #43

Closed hkelley closed 1 year ago

hkelley commented 1 year ago

Specific error:

imap2dir.py", line 190, in write_part_to_file
    (filename, str(e)))
Exception: Error writing to filename C:\Windows\TEMP\tmpo0omj33w\edgewave.com!xx.com!D4A221DC70AB347F2042B10501AA32D1.xml.  zip with exception [Errno 22] Invalid argument: 'C:\\Windows\\TEMP\\tmpo0omj33w\\edgewave.com!xxl.com!D4A221DC70AB347F2042B10501AA32D1.xml.\r\n zip'

Full frame from index=_internal sourcetype="ta:dmarc:log" file=base_modinput.py:* ERROR

2022-10-12 10:34:42,884 ERROR pid=5444 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events.
Traceback (most recent call last):
  File "C:\Program Files\Splunk\etc\apps\TA-dmarc\bin\dmarc\imap2dir.py", line 186, in write_part_to_file
    open(filename, 'wb').write(part.get_payload(decode=True))
OSError: [Errno 22] Invalid argument: 'C:\\Windows\\TEMP\\tmpo0omj33w\\edgewave.comxx.com!D4A221DC70AB347F2042B10501AA32D1.xml.\r\n zip'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Program Files\Splunk\etc\apps\TA-dmarc\bin\ta_dmarc\aob_py3\modinput_wrapper\base_modinput.py", line 128, in stream_events
    self.collect_events(ew)
  File "C:\Program Files\Splunk\etc\apps\TA-dmarc\bin\dmarc_imap_oauth2.py", line 104, in collect_events
    input_module.collect_events(self, ew)
  File "C:\Program Files\Splunk\etc\apps\TA-dmarc\bin\input_module_dmarc_imap_oauth2.py", line 93, in collect_events
    filelist = i2d.process_incoming()
  File "C:\Program Files\Splunk\etc\apps\TA-dmarc\bin\dmarc\imap2dir.py", line 348, in process_incoming
    filelist = self.save_reports_from_message_bodies(response)
  File "C:\Program Files\Splunk\etc\apps\TA-dmarc\bin\dmarc\imap2dir.py", line 245, in save_reports_from_message_bodies
    filename = self.write_part_to_file(uid, part)
  File "C:\Program Files\Splunk\etc\apps\TA-dmarc\bin\dmarc\imap2dir.py", line 190, in write_part_to_file
    (filename, str(e)))
Exception: Error writing to filename C:\Windows\TEMP\tmpo0omj33w\edgewave.com!.com!D4A221DC70AB347F2042B10501AA32D1.xml.  zip with exception [Errno 22] Invalid argument: 'C:\\Windows\\TEMP\\tmpo0omj33w\\edgewave.com!.com!D4A221DC70AB347F2042B10501AA32D1.xml.\r\n zip'
jorritfolmer commented 1 year ago

Thanks for the log! It should be fixed with the most recent commit to the oauth2 branch. Can you validate if it works on your setup?

hkelley commented 1 year ago

Yes, it works on Windows (Splunk Version 8.2.8). Both O365 IMAP and the path fix are in my current config. Thank you.
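
Added example, not part of the thread and not the commit referenced above: one way to reduce an attachment name taken from an email to a safe file name before writing it, covering the `\r\n` case in the traceback as well as path separators and Windows-reserved names. The function names `safe_attachment_name` and `write_attachment`, the fallback name, and the sample input are assumptions made for illustration.

```python
import os
import re
import tempfile

# Characters Windows rejects in a file name, plus ASCII control characters.
_INVALID = re.compile(r'[<>:"/\\|?*\x00-\x1f]')
# Device names Windows reserves regardless of extension.
_RESERVED = {"CON", "PRN", "AUX", "NUL",
             *(f"COM{i}" for i in range(1, 10)),
             *(f"LPT{i}" for i in range(1, 10))}


def safe_attachment_name(raw, default="attachment.bin"):
    """Reduce an untrusted attachment name to one safe path component."""
    name = raw or ""
    # Assumption: a line break plus the whitespace after it is header folding
    # that split the name, so 'report.xml.\r\n zip' becomes 'report.xml.zip'.
    name = re.sub(r"[\r\n]+[ \t]*", "", name)
    # Keep only the last component so 'a/../../b' or 'C:\\x\\b' cannot
    # address a directory.
    name = re.split(r"[\\/]", name)[-1]
    name = _INVALID.sub("_", name)
    # Windows silently drops trailing dots and spaces; remove them up front.
    name = name.strip().rstrip(". ")
    if not name or name.split(".")[0].upper() in _RESERVED:
        return default
    return name


def write_attachment(directory, raw_name, payload):
    """Write payload under directory using the sanitized name; return the path."""
    directory = os.path.realpath(directory)
    path = os.path.realpath(os.path.join(directory, safe_attachment_name(raw_name)))
    # Defence in depth: refuse anything that resolves outside the directory.
    if os.path.commonpath([directory, path]) != directory:
        raise ValueError("attachment path escapes target directory")
    with open(path, "wb") as handle:
        handle.write(payload)
    return path


if __name__ == "__main__":
    # Constructed sample modelled on the file name in the traceback above.
    folded = "example.com!example.org!0123456789ABCDEF.xml.\r\n zip"
    with tempfile.TemporaryDirectory() as tmp:
        print(write_attachment(tmp, folded, b"constructed payload"))
```
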