Error: SOPHOS Central Integration

[Jeancar Pérez]

Hello, I am carrying out integration tests in an OVA to move to my productive servers. At the time of integrating Sophos according to the guides provided.

https://support.sophos.com/support/s/article/KB-000036372?language=en_US

I have an error when executing the siem.py script. Am I making a mistake? or do I need to configure something else before I can integrate Sophos.

[Jesus Linares]

Hi, 

The error configparser.NoSectionError: No section: 'login' indicates that the configuration parser (configparser) couldn't find a section named 'login' in the configuration file you are using.

Make sure that your configuration file (config.ini) has a section named [login], and the configuration items are listed under this section. Here's a basic example of how your configuration file should look:

[login]
username = your_username
password = your_password


If you already have this section and are still encountering the error, here are a few things to check:

• Spaces and formatting: Ensure there are no extra white spaces around section and key names in your configuration file.
• File encoding: Make sure the configuration file is encoded correctly. There might be issues if the file is not in the expected encoding format (e.g., UTF-8).
• Correct file path: Verify that the script is looking for the configuration file in the correct location. You can print the file path in your script to check if it's accessing the correct file.

I hope this helps.

[Jeancar Pérez]

HI Jesus,

Thank you for your response, I was finally able to solve the error, it was my problem by not renaming the config.ini file correctly, however I have problems with the visualization of the data.
I created a wodle and I use wazuh-logcollector but I get that the result.txt file does not exist.

[Jesus Linares]

Hi,

It looks like you forgot the script:

> /usr/bin/phython3.7 <missing script> /Sophos.../result.txt > /var/log/sophos-diag.log