The release notes state that the add-on supports RHEL/CentOS 5.x.
However, when trying to run it, I get:
[root@server bin]# ./lea_loggrabber
FATAL: kernel too old
Segmentation fault
I have kernel 2.6.18-308.el5.
[root@server bin]# file lea_loggrabber
lea_loggrabber: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), for GNU/Linux 2.6.32, statically linked, for GNU/Linux 2.6.32, from 'utex_wake', not stripped
Is it possible to get a compiled version for kernel 2.6.18? Or is there some other way to run it?
I have the same problem with an old Linux box. Have you managed to fix it somehow?
I can think of 3 options for you, although only one will be stable for the long term:
lea_loggrabber
and try to compile on your existing platform: https://github.com/splunk/opsec_lea Once complete, move the newly compiled version into the TA's folder and restart the Splunk process. You'll need at least gcc and other developer tools installed to make this approach work.
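An added example, not part of the thread or of the opsec_lea project: the "for GNU/Linux 2.6.32" that `file` prints comes from the binary's NT_GNU_ABI_TAG note, and glibc's startup code prints "FATAL: kernel too old" when the running kernel is older than the version the binary was built for. The sketch below reads that note and compares it with a `uname -r` string before a binary is deployed; the function names and the sample ELF are constructed for illustration.

```python
import re
import struct

PT_NOTE, NT_GNU_ABI_TAG = 4, 1
# Per ELF class: (word format, offsets of e_phoff, e_phentsize, p_offset, p_filesz)
LAYOUT = {1: ("I", 0x1C, 0x2A, 4, 16), 2: ("Q", 0x20, 0x36, 8, 32)}

def min_kernel(data):
    """Return (major, minor, patch) from the GNU ABI tag note, or None."""
    if data[:4] != b"\x7fELF" or data[4] not in LAYOUT:
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    w, phoff_at, phent_at, poff_at, psz_at = LAYOUT[data[4]]
    phoff, = struct.unpack_from(end + w, data, phoff_at)
    phentsize, phnum = struct.unpack_from(end + "HH", data, phent_at)
    for i in range(phnum):
        ph = phoff + i * phentsize
        if struct.unpack_from(end + "I", data, ph)[0] != PT_NOTE:
            continue
        pos, = struct.unpack_from(end + w, data, ph + poff_at)
        stop = pos + struct.unpack_from(end + w, data, ph + psz_at)[0]
        while pos + 12 <= stop:  # walk every note in this segment
            namesz, descsz, ntype = struct.unpack_from(end + "III", data, pos)
            desc = pos + 12 + ((namesz + 3) & ~3)  # name is padded to 4 bytes
            name = data[pos + 12:pos + 12 + namesz]
            if name == b"GNU\0" and ntype == NT_GNU_ABI_TAG and descsz >= 16:
                os_id, *ver = struct.unpack_from(end + "IIII", data, desc)
                if os_id == 0:  # 0 means Linux
                    return tuple(ver)
            pos = desc + ((descsz + 3) & ~3)
    return None

def kernel_tuple(release):
    """Turn a uname -r string such as '2.6.18-308.el5' into (2, 6, 18)."""
    return tuple(int(n) for n in re.match(r"(\d+)\.(\d+)\.(\d+)", release).groups())

def can_run(data, release):
    """True if the kernel release satisfies the binary's ABI tag (or none is set)."""
    need = min_kernel(data)
    return need is None or kernel_tuple(release) >= need

def sample_elf32(version):
    """Constructed 32-bit little-endian ELF holding only a PT_NOTE ABI tag."""
    note = struct.pack("<III4sIIII", 4, 16, NT_GNU_ABI_TAG, b"GNU\0", 0, *version)
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_NOTE, 84, 0, 0, len(note), len(note), 4, 4)
    return ehdr + phdr + note
```

For a real file, pass `open(path, "rb").read()` as `data` and the output of `uname -r` as `release`.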