Community:SplunkOnSELinux

From Splunk Wiki

Running Splunk on SELinux

If you’ve enabled SELinux, you must either disable it or configure it to allow Splunk to run.

To configure SELinux to allow Splunk to run:

First, execute the chcon command on the Splunk lib directory:

chcon -v -R -u system_u -r object_r -t lib_t $SPLUNK_HOME/lib 2>&1 > /dev/null

Then, disable the check when Splunk starts up by adding the following line to $SPLUNK_HOME/etc/splunk-launch.conf:

SPLUNK_IGNORE_SELINUX=1

Note: You will have to replace $SPLUNK_HOME with your top-level Splunk installation directory, or source the setSplunkEnv file found in Splunk's bin directory.
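
The two steps above as one script that also checks the result. This is an added example, not code from the Splunk wiki or from Splunk; the function names and the --apply switch are hypothetical, and it assumes GNU coreutils (stat -c %C) and a POSIX shell.

```shell
#!/bin/sh
# Added example (not from the Splunk wiki); function names are hypothetical.

# Make sure the file named in $1 ends up with exactly one
# SPLUNK_IGNORE_SELINUX=1 line, replacing any other value of the key.
set_ignore_selinux() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    # Copy every line except existing settings of the key (grep -v exits 1
    # when nothing is left to copy, which is not an error here).
    grep -v '^[[:space:]]*SPLUNK_IGNORE_SELINUX=' "$conf" > "$tmp" || true
    echo 'SPLUNK_IGNORE_SELINUX=1' >> "$tmp"
    # Write back with cat so the original file keeps its owner, mode and label.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Filter "context path" lines on stdin; print paths whose type is not lib_t.
# The SELinux type is the third colon-separated field of the context.
not_lib_t() {
    awk '{ split($1, c, ":")
           if (c[3] != "lib_t") { sub(/^[^ ]+ /, ""); print } }'
}

# Run both steps only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--apply" ]; then
    : "${SPLUNK_HOME:?set SPLUNK_HOME or source setSplunkEnv first}"
    chcon -R -u system_u -r object_r -t lib_t "$SPLUNK_HOME/lib" || exit 1
    # Symlinks are skipped: chcon relabels their targets, not the links.
    bad=$(find "$SPLUNK_HOME/lib" ! -type l -exec stat -c '%C %n' {} + | not_lib_t)
    if [ -n "$bad" ]; then
        echo "not labelled lib_t:" >&2
        echo "$bad" >&2
        exit 1
    fi
    set_ignore_selinux "$SPLUNK_HOME/etc/splunk-launch.conf"
fi
```

Labels set with chcon are lost if the filesystem is relabelled (for example by restorecon), so the label check is worth re-running after a relabel.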
