How can I monitor root-owned logs while running Splunk as a non-root user?
How to monitor root-owned logs while running Splunk as a non-root user for Amazon Linux AMI?
What are the permissions required for a non-root user to run the environment?
Whatever user is running Splunk needs r/w access to $SPLUNK_HOME, and read access to whatever root-owned logs.
Best guess here is to create a group that has read access to those logs, but retains root ownership, and add the splunk user to that group in Linux.
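
The group-based approach described in the answer above, as an added example that is not part of the original thread. The group name `splunklogs`, the user name `splunk`, and the sample log paths are assumptions; the script only prints the commands unless `DRY_RUN=0` is set and it is run as root.

```shell
#!/bin/sh
# Added example. Assumed names: group "splunklogs", user "splunk".
LOG_GROUP="${LOG_GROUP:-splunklogs}"   # hypothetical group name
SPLUNK_USER="${SPLUNK_USER:-splunk}"   # assumed account that runs splunkd
DRY_RUN="${DRY_RUN:-1}"                # 1 = print commands, 0 = execute (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Create the group if it does not exist, then add the Splunk user to it.
# splunkd must be restarted before it picks up the new membership.
setup_group() {
    getent group "$LOG_GROUP" >/dev/null 2>&1 || run groupadd "$LOG_GROUP"
    run usermod -a -G "$LOG_GROUP" "$SPLUNK_USER"
}

# Change only the group and add group read; the owner stays root.
grant_read() {
    for f in "$@"; do
        run chgrp "$LOG_GROUP" "$f"
        run chmod g+r "$f"
    done
}

# Return 0 if the file's mode has the group-read bit set (GNU stat).
group_readable() {
    case "$(stat -c '%A' "$1" 2>/dev/null)" in
        ????r*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Usage: sh grant_logs.sh /var/log/messages /var/log/secure   (sample paths)
# Log rotation may recreate files with the old group and mode, so the
# logrotate "create" directive for these logs should name the same group.
if [ "$#" -gt 0 ]; then
    setup_group
    grant_read "$@"
    for f in "$@"; do
        group_readable "$f" || echo "not yet group-readable: $f"
    done
fi
```

The directories leading to each log must also be traversable by the Splunk user, otherwise the group-read bit on the file alone is not enough.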
Thanks for the answer. What is the command for the same?

@vin02 - that would be an OS command, not a Splunk command, so it would depend on your operating system.
We are using Amazon Linux.

If you need help with Linux commands, you could start with the AWS Linux documentation:
https://aws.amazon.com/premiumsupport/knowledge-center/linux-command-basics/
You could also use any reference for CentOS, and that is the base for AWS Linux.
