
RHEL 5.x support

gsimeuncevic
Engager

The release notes state that the add-on supports RHEL/CentOS 5.x.
However, when trying to run it, I get:

[root@server bin]# ./lea_loggrabber
FATAL: kernel too old
Segmentation fault

I have kernel 2.6.18-308.el5.

[root@server bin]# file lea_loggrabber
lea_loggrabber: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), for GNU/Linux 2.6.32, statically linked, for GNU/Linux 2.6.32, from 'utex_wake', not stripped

Is it possible to get a compiled version for kernel 2.6.18? Or is there some other way to run it?

0 Karma

splunkapprentic
Explorer

I have the same problem with an old Linux box. Have you managed to fix it somehow?

0 Karma

jamesarmitage
Path Finder

I can think of 3 options for you, although only one will be stable for the long term:

  1. Build a new Linux heavy forwarder that meets the requirements. I know that might not be the preferred option, but this is the only one that will keep you on mainline support.
  2. Clone the Splunk version of lea_loggrabber and try to compile on your existing platform: https://github.com/splunk/opsec_lea Once complete, move the newly compiled version into the TA's folder and restart the Splunk process. You'll need at least gcc and other developer tools installed to make this approach work.
  3. Pull the fw1-loggrabber .tar.gz from Sourceforge and compile it yourself: https://sourceforge.net/projects/fw1-loggrabber/files/fw1-loggrabber/1.11.1/ Again, move the newly compiled binary into the TA folder.
0 Karma
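
Added example, not part of the original thread or of the add-on's code: the "for GNU/Linux 2.6.32" in the `file` output above is read from the binary's NT_GNU_ABI_TAG note, so a forwarder build can be checked against a host's `uname -r` before it is deployed. The function names (`min_kernel`, `kernel_ok`, `sample_elf`) are hypothetical, the sample ELF is constructed in the code, and notes are assumed to be 4-byte aligned.

```python
import re
import struct

PT_NOTE, NT_GNU_ABI_TAG, ELF_NOTE_OS_LINUX = 4, 1, 0

def min_kernel(elf: bytes):
    """Return (major, minor, patch) from the NT_GNU_ABI_TAG note, or None if absent."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = elf[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    e = "<" if elf[5] == 1 else ">"          # EI_DATA: 1 = little-endian
    word = "Q" if is64 else "I"
    phoff, = struct.unpack_from(e + word, elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(e + "HH", elf, 54 if is64 else 42)
    for i in range(phnum):
        ph = phoff + i * phentsize
        if struct.unpack_from(e + "I", elf, ph)[0] != PT_NOTE:
            continue
        off, = struct.unpack_from(e + word, elf, ph + (8 if is64 else 4))     # p_offset
        size, = struct.unpack_from(e + word, elf, ph + (32 if is64 else 16))  # p_filesz
        end = min(off + size, len(elf))
        while off + 12 <= end:               # walk the notes in this segment
            namesz, descsz, ntype = struct.unpack_from(e + "III", elf, off)
            desc_off = off + 12 + ((namesz + 3) & ~3)   # assumes 4-byte note alignment
            if (elf[off + 12:off + 12 + namesz] == b"GNU\0"
                    and ntype == NT_GNU_ABI_TAG and descsz >= 16 and desc_off + 16 <= end):
                os_id, *version = struct.unpack_from(e + "IIII", elf, desc_off)
                if os_id == ELF_NOTE_OS_LINUX:
                    return tuple(version)
            off = desc_off + ((descsz + 3) & ~3)
    return None

def kernel_ok(elf: bytes, release: str) -> bool:
    """True if a kernel with this `uname -r` string satisfies the binary's ABI tag."""
    need = min_kernel(elf)
    have = tuple(int(n) for n in re.match(r"\d+(?:\.\d+){0,2}", release).group().split("."))
    return need is None or have >= need

def sample_elf(major, minor, patch) -> bytes:
    """Constructed 32-bit little-endian ELF: header, one PT_NOTE phdr, one ABI-tag note."""
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_NOTE, 84, 0, 0, 32, 32, 4, 4)
    note = struct.pack("<III4sIIII", 4, 16, NT_GNU_ABI_TAG, b"GNU\0", ELF_NOTE_OS_LINUX, major, minor, patch)
    return ehdr + phdr + note

if __name__ == "__main__":
    for rel in ("2.6.18-308.el5", "2.6.32-754.el6.x86_64"):  # second value is constructed
        print(rel, "ok" if kernel_ok(sample_elf(2, 6, 32), rel) else "kernel too old")
```

On a real file, pass `open(path, "rb").read()` to `min_kernel`; a result of `None` means the binary carries no ABI tag, not that it will run.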