Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: LEA Loggrabber CDATA ExecProcessor error
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have the lea-loggrabber.sh script correctly pulling data via OPSEC from multiple firewalls. However my logs are being flooded with error messages like below:
05-02-2013 16:00:38.477 +0100 ERROR ExecProcessor - message from "/opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.sh --configentity Firewall03" sh: ![CDATA[1366363524@Firewall03: No such file or directory
How can I correct this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This issue keeps spamming my splunkd.log. Had to start discarding stderr by changing the inputs.conf to:
[script:///opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.my --configentity Firewall03 2>/dev/null]
disabled = 0
interval = 600
passAuth = admin
sourcetype = opsec
index = checkpoint
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This issue keeps spamming my splunkd.log. Had to start discarding stderr by changing the inputs.conf to:
[script:///opt/splunk/etc/apps/Splunk_TA_opseclea_linux22/bin/lea-loggrabber.my --configentity Firewall03 2>/dev/null]
disabled = 0
interval = 600
passAuth = admin
sourcetype = opsec
index = checkpoint
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This happens because of the shell thinks the 
Accelerating Observability as Code with the Splunk AI Assistant
Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...
Congratulations to the 2025-2026 SplunkTrust!
