Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Solaris install without root

drkduncan
Engager
‎03-29-2012 12:08 PM

This has probably already been asked, so please forgive me for duplicating. I am trying to install the splunk forwarder on a Solaris machine via CLI (Tar.Z package) and was wondering if there is any possible way to install it without root.

I am trying to set up a POC, but only SA's have root access. Not the application developers.

I know that once it is installed you can run as another user, but it looks like you have to be root to even get there.

Reply
1 Solution
Solved! Jump to solution
Solution

mwhite_splunk
Splunk Employee
Splunk Employee
‎03-29-2012 01:29 PM

When you untar the file, be sure you are untarring it an area where you have read/write permissions. Additionally, since Splunk runs on non-privileged ports, it should operate with no issues. The issue you are going to run into is that you will not be able to read the syslogs as a standard user. However, as an application developer, if you are running a sandboxed application, you direct those logs into your Splunk instance with no issues.

View solution in original post

Reply
Solved! Jump to solution
Solution

mwhite_splunk
Splunk Employee
Splunk Employee
‎03-29-2012 01:29 PM

When you untar the file, be sure you are untarring it an area where you have read/write permissions. Additionally, since Splunk runs on non-privileged ports, it should operate with no issues. The issue you are going to run into is that you will not be able to read the syslogs as a standard user. However, as an application developer, if you are running a sandboxed application, you direct those logs into your Splunk instance with no issues.

Reply
Solved! Jump to solution

drkduncan
Engager
‎03-29-2012 02:00 PM

You would think that after working on Solaris boxes for 5 years, and *nix for another 6 before that I would think to check the arch the package was compiled for.

For future reference, if you extract the x86_64 package and try to run it on a sparc box, it wont work.

I am wearing a dunce hat now.....

Thanks for the answer - it works when you use the right files....

0 Karma
Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎03-29-2012 01:10 PM

If you're using the tarball - regardless of Unix OS - then you can run a forwarder under that user. The forwarder will only have access to read files that is equivalent to the user running it. You should be able to simply untar the forwarder .tgz into a directory and launch it.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...