Content: I'm running RHEL 7.2, Splunk 6.6.1 and OPSEC LEA 4.2.0 and configure the OPSEC LEA app. I pull the cert but when i search for data it's not showing nothing. So I trouble shot it by running the lea-loggrabber it's crashing. Is the add app available to run on RHEL 7.2? Why is it's failing? I put the app in debug more and ran the lea-loggrabber and here's the output:
[ 27363 4151757632]server[3 Aug 14:15:04] Env Configuration:
(
:type (opsec_info)
:lea_server (
:opsec_entity_sic_name ()
:auth_type (sslca)
:auth_port (18184)
:ip ()
)
:opsec_sslca_file ()
:opsec_sic_name ()
)
[ 27363 4151757632]server[3 Aug 14:15:04] Could not find info for ...opsec_shared_local_path...
[ 27363 4151757632]server[3 Aug 14:15:04] Could not find info for ...opsec_sic_policy_file...
[ 27363 4151757632]server[3 Aug 14:15:04] Could not find info for ...opsec_mt...
[ 27363 4151757632]server[3 Aug 14:15:04] opsec_init: multithread safety is not initialized
[ 27363 4151757632]server[3 Aug 14:15:04] cpprng_opsec_initialize: path is not initialized - will initialize
[ 27363 4151757632]server[3 Aug 14:15:04] cpprng_opsec_initialize: full file name is ops_prng
[ 27363 4151757632]server[3 Aug 14:15:04] cpprng_opsec_initialize: dev_urandom_poll returned 0
[ 27363 4151757632]server[3 Aug 14:15:04] opsec_file_is_intialized: seed is initialized
[ 27363 4151757632]server[3 Aug 14:15:04] cpprng_opsec_initialize: seed init for opsec succeeded
[ 27363 4151757632]server[3 Aug 14:15:04] opsec_init_sic_id_internal: own sic name not defined.
[ 27363 4151757632]server[3 Aug 14:15:04] PM_policy_create: version 5301.
[ 27363 4151757632]server[3 Aug 14:15:04] PM_policy_add_name_to_group: finished successfully.
[ 27363 4151757632]server[3 Aug 14:15:04] PM_policy_set_local_names: () names. finished successfully.
[ 27363 4151757632]server[3 Aug 14:15:04] PM_policy_create: finished successfully.
[ 27363 4151757632]server[3 Aug 14:15:04] PM_policy_add_name_to_group: finished successfully.
[ 27363 4151757632]server[3 Aug 14:15:04] PM_policy_set_local_names: (local_sic_name) names. finished successfully.
[ 27363 4151757632]server[3 Aug 14:15:04] PM_policy_add_name_to_group: finished successfully.
[ 27363 4151757632]server[3 Aug 14:15:04] PM_policy_set_local_names: (127.0.0.1) names. finished successfully.
Segmentation fault (core dumped)
Any Idea what's going on?
... View more