All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Sysmon deploy.bat and update.bat files showing errors?

jlstanley
Path Finder
‎07-06-2018 02:49 PM

I'm using the deploy.bat and update.bat you packaged with the add-on but I get errors If I run them from an admin command prompt but it still appears to work with the install . any ideas why the errors still occur?

C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-Sysmon-deploy\bin>update.bat
| was unexpected at this time.

then the update:

Fri 07/06/2018-16:43:19.28 The SplunkUniversalForwarder is installed at C:\Program Files\SplunkUniversalForwarder
Fri 07/06/2018-16:43:19.28 Checking for Sysmon
1
Fri 07/06/2018-16:43:19.28 Sysmon found, checking version
Fri 07/06/2018-16:43:19.28 Sysmon binary is outdated, un-installing
Stopping Sysmon.
Sysmon stopped.
Sysmon removed.
Stopping SysmonDrv..
SysmonDrv stopped.
SysmonDrv removed.
Removing service files.
Fri 07/06/2018-16:43:19.28 Sysmon not found, proceding to install
Fri 07/06/2018-16:43:19.28 Copying the latest config file

0% copied
100% copied 1 file(s) copied.
Fri 07/06/2018-16:43:19.28 Installing Sysmon
Fri 07/06/2018-16:43:19.28 Install failed

Labels (1)
Labels
0 Karma
Reply

olafhartong
Engager
‎07-24-2018 01:20 AM

Sorry for the late response, but great thanks to @jdhunter for fixing the issue. I'll update the app on SplunkBase right away and incorporate the fix.

0 Karma
Reply

jdhunter
Path Finder
‎07-19-2018 11:45 AM

I would get the failed result regardless. I had to change the s to uppercase in "Sysmon installed" and that corrected all of the Install Failed messages I was receiving.

deploy.bat

echo %DATE%-%TIME% Installing Sysmon && "%SPLUNKPATH%\etc\apps\your_sysmon_app\bin\sysmon.exe" /accepteula -i c:\windows\config.xml | Find /c "Sysmon installed." 1>nul && echo %DATE%-%TIME% Install complete! && exit

Reply

HaX
New Member
‎11-21-2022 07:11 AM

You can use this command. I hope you'll not face any error and it'll work as you desired.

You need to correct some mistakes causing the error.

/accepteula -> -accepteula

c:\windows\config.xml -> "c:\windows\config.xml"

echo %DATE%-%TIME% Installing Sysmon && "%SPLUNKPATH%\etc\apps\your_sysmon_app\bin\sysmon.exe" -accepteula -i "c:\windows\config.xml" | Find /c "Sysmon installed." 1>nul && echo %DATE%-%TIME% Install complete! && exit

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...