Getting Data In

Solaris install without root

drkduncan
Engager

This has probably already been asked, so please forgive me for duplicating. I am trying to install the splunk forwarder on a Solaris machine via CLI (Tar.Z package) and was wondering if there is any possible way to install it without root.

I am trying to set up a POC, but only SA's have root access. Not the application developers.

I know that once it is installed you can run as another user, but it looks like you have to be root to even get there.

1 Solution

mwhite_splunk
Splunk Employee
Splunk Employee

When you untar the file, be sure you are untarring it an area where you have read/write permissions. Additionally, since Splunk runs on non-privileged ports, it should operate with no issues. The issue you are going to run into is that you will not be able to read the syslogs as a standard user. However, as an application developer, if you are running a sandboxed application, you direct those logs into your Splunk instance with no issues.

View solution in original post

mwhite_splunk
Splunk Employee
Splunk Employee

When you untar the file, be sure you are untarring it an area where you have read/write permissions. Additionally, since Splunk runs on non-privileged ports, it should operate with no issues. The issue you are going to run into is that you will not be able to read the syslogs as a standard user. However, as an application developer, if you are running a sandboxed application, you direct those logs into your Splunk instance with no issues.

drkduncan
Engager

You would think that after working on Solaris boxes for 5 years, and *nix for another 6 before that I would think to check the arch the package was compiled for.

For future reference, if you extract the x86_64 package and try to run it on a sparc box, it wont work.

I am wearing a dunce hat now.....

Thanks for the answer - it works when you use the right files....

0 Karma

dwaddle
SplunkTrust
SplunkTrust

If you're using the tarball - regardless of Unix OS - then you can run a forwarder under that user. The forwarder will only have access to read files that is equivalent to the user running it. You should be able to simply untar the forwarder .tgz into a directory and launch it.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...