All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarder running as Splunk user

logtastic
Explorer
‎05-10-2021 09:30 AM

My Splunk forwarder is running as a splunk user and not root. What is the best way to grant this user read access to user's .bash_history logs without enforcing sudo? If I am not mistaken, theres no way for us to tell the splunk forwarder to run sudo and supply with its own creds again.

Any guidance will be very appreciated.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-10-2021 11:14 AM

You could try giving Splunk access to all .bash_history files using setfacl.  I don't know if the command has to be repeated when new users are added.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎05-10-2021 11:14 AM

You could try giving Splunk access to all .bash_history files using setfacl.  I don't know if the command has to be repeated when new users are added.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...