Hi
I am trying to install the latest version of baremetal uba on rhel 7.8.
I have followed the requirements and steps mentioned in splunk docs.
When I ran the pre check script, i noticed the following:
/var/log symlinks: 13 <= expecting 14; verify missing link
... 'containers' symlink not found
It looks like the containers folder was not created in the /var/log folder
it also showed me this:
/var/log perm/owner: lrwxrwxrwx. 1 root root 23 Feb 3 12:58 /var/log/kafka -> /var/vcap/sys/log/kafka <= issue with one (or more) log sub-directories
The owner for this should be caspida:caspida correct?
Also showed me this:
interface: '<%' <== system.network.interface value in /etc/caspida/local/conf/uba-site.properties does not match 'eth0'
Splunk docs mentioned If the network interface is not the default eth0, edit configuration file /etc/caspida/local/conf/uba-site.properties and add the following entry with the corresponding interface:
system.network.interface=<interface>
My nic is already eth0
Any assistance will be appreciated..
Thanks
Have you already completed the installation of UBA or are you simply running the pre-check script for the first time prior to installation?
If prior to installation, some errors are expected. See the relevant docs here:
https://docs.splunk.com/Documentation/UBA/5.0.4/Install/CheckSystemStatus
You might see errors related to file-based configurations. Those configurations happen after setup, so you can ignore those errors when running the script before setting up Splunk UBA.
I recently completed a UBA clustered setup on RHEL. I don't recall whether we saw the symlink or /var/log errors, but I do remember seeing the eth0 error. That eth0 message went away after installation.
If you haven't installed yet, I think you are likely safe to proceed. Run the script again after installation to verify everything is set up correctly.
Can you Plz share installation files for UBA?
Have you already completed the installation of UBA or are you simply running the pre-check script for the first time prior to installation?
If prior to installation, some errors are expected. See the relevant docs here:
https://docs.splunk.com/Documentation/UBA/5.0.4/Install/CheckSystemStatus
You might see errors related to file-based configurations. Those configurations happen after setup, so you can ignore those errors when running the script before setting up Splunk UBA.
I recently completed a UBA clustered setup on RHEL. I don't recall whether we saw the symlink or /var/log errors, but I do remember seeing the eth0 error. That eth0 message went away after installation.
If you haven't installed yet, I think you are likely safe to proceed. Run the script again after installation to verify everything is set up correctly.