All Apps and Add-ons

Splunk Add-on for Symantec Endpoint Security: Configuring the TA to update the Malware Category Lookup results in "...could not find a related app.conf file"

adamblock2
Path Finder

I have the Splunk_TA-symantec-ep installed on both of our Search Heads. Although I had enabled automatic update of the malware categories, I checked the timestamp of the lookup files, and they have not been updated. I then found that when I attempt to configure the TA to automatically update the malware category lookup table, the following appears in /opt/splunk/var/log/splunk/web_service.log of the Search Head:

WARNING [562e6f6c727fd4305b8ed0] view:152 - Splunk cannot load app "Splunk_TA_symantec-ep" because it could not find a related app.conf file.

I looked in both /opt/splunk/etc/apps/Splunk_TA_symantec-ep/default and /opt/splunk/etc/apps/Splunk_TA_symantec-ep/local, and there is an app.conf file.

Assistance with this would be appreciated.

Thank you.

0 Karma

woodcock
Esteemed Legend

Try manually setting your file permissions and ownership from the command line to match the user that is running the splunk instance.

rpille_splunk
Splunk Employee
Splunk Employee

Hi Adam,
The package on Splunkbase definitely has an app.conf file in the default folder, so perhaps it got lost somehow. You can download the package again to get the file.
Thanks!
~ Robin

0 Karma

adamblock2
Path Finder

The app.conf file is present in both the default and local folders on both of my search heads. Would re-downloading and re-installing change anything?

0 Karma
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...