Imperva Cyber Community

  • 1.  Error running SIEM integration python script

    Posted 12-21-2022 14:11
    We are trying to integrate Cloud WAF logs with the SIEM solution ArcSight.

    While running the Python script available on GitHub, we are getting the error below. Please assist.

    GitHub URL - https://github.com/imperva/incapsula-logs-downloader

    [root@localhost processed]# python3 /home/mtech/Documents/SIEM/incapsula-logs-downloader-master/script/LogsDownloader.py -c /home/mtech/Documents/SIEM/incapsula-logs-downloader-master/config/
    2022-12-21 23:50:39,869 ERROR Exception while getting LogsDownloader config file - Could Not find Configuration file - Traceback (most recent call last):
    File "/usr/lib64/python3.6/configparser.py", line 789, in get
    value = d[option]
    File "/usr/lib64/python3.6/collections/__init__.py", line 883, in __getitem__
    return self.__missing__(key) # support subclasses that define __missing__
    File "/usr/lib64/python3.6/collections/__init__.py", line 875, in __missing__
    raise KeyError(key)
    KeyError: 'syslog_proto'

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
    File "/home/mtech/Documents/SIEM/incapsula-logs-downloader-master/script/LogsDownloader.py", line 98, in __init__
    self.config = self.config_reader.read()
    File "/home/mtech/Documents/SIEM/incapsula-logs-downloader-master/script/LogsDownloader.py", line 554, in read
    config.SYSLOG_PROTO = os.environ.get('IMPERVA_SYSLOG_PROTO', config_parser.get('SETTINGS','SYSLOG_PROTO'))
    File "/usr/lib64/python3.6/configparser.py", line 792, in get
    raise NoOptionError(option, section)
    configparser.NoOptionError: No option 'syslog_proto' in section: 'SETTINGS'

    Could Not find Configuration file
    [root@localhost processed]#
    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Urvin Shah
    Senior Cybersecurity Consultant
    M.Tech Solutions (India) PRIVATE LIMITED
    Mumbai
    ------------------------------


  • 2.  RE: Error running SIEM integration python script

    Posted 12-21-2022 14:29
    Hi,

    It says it cannot find the config file.

    /home/mtech/Documents/SIEM/incapsula-logs-downloader-master/config/Settings.Config


    Does this file exist? Correct permissions?
    Does the file have the needed contents?


    Ignore the second callback as it is looking for those parameters inside the OS environments (printenv command)

    Regards


    The script looks for the config file and if it doesn't exist, it tries to find it inside the OS environment (which is a rarely used method in production).



    ------------------------------
    Sarvesh Lad
    Tech Lead @ On-Prem Managed Services (WAF, DAM, DRA & Sonar)
    ------------------------------
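
The traceback in the first post ends at `os.environ.get('IMPERVA_SYSLOG_PROTO', config_parser.get('SETTINGS','SYSLOG_PROTO'))`; Python evaluates the second argument before the environment lookup runs, so a `[SETTINGS]` section without `SYSLOG_PROTO` raises `NoOptionError` whether or not the variable is set. The preflight check below is an added example, not code from the thread or from the incapsula-logs-downloader project; `eager_lookup`, `diagnose`, `write_sample` and the sample file contents are constructed for illustration.

```python
import configparser
import os
import tempfile


def eager_lookup(parser, section, option, env_var):
    # Same shape as the call at line 554 in the traceback: parser.get() is
    # evaluated before os.environ.get() runs, so a missing option raises
    # NoOptionError even when the environment variable is set.
    return os.environ.get(env_var, parser.get(section, option))


def diagnose(config_dir, section="SETTINGS", option="SYSLOG_PROTO",
             env_var="IMPERVA_SYSLOG_PROTO", filename="Settings.Config"):
    """Return (status, value) naming the first lookup step that fails."""
    path = os.path.join(config_dir, filename)
    if not os.path.isfile(path):
        return ("file_missing", None)
    if not os.access(path, os.R_OK):  # always passes when run as root
        return ("file_unreadable", None)
    parser = configparser.ConfigParser()
    parser.read(path)
    if not parser.has_section(section):
        return ("section_missing", None)
    # fallback=None keeps a missing option from raising.
    from_file = parser.get(section, option, fallback=None)
    value = os.environ.get(env_var, from_file)
    if value is None:
        return ("option_missing", None)
    return ("ok_env" if env_var in os.environ else "ok_file", value)


def write_sample(text):
    """Write constructed Settings.Config contents to a fresh temp directory."""
    config_dir = tempfile.mkdtemp()
    with open(os.path.join(config_dir, "Settings.Config"), "w") as handle:
        handle.write(text)
    return config_dir


if __name__ == "__main__":
    # Constructed sample: the file and section exist, the option does not.
    print(diagnose(write_sample("[SETTINGS]\nOTHER_OPTION = 1\n")))
```

Pointing `diagnose` at the directory passed with `-c` separates a missing or unreadable file from a file that is present but lacks the option named in the `KeyError`.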