Getting Data In

Solaris install without root

Engager

This has probably already been asked, so please forgive me for duplicating. I am trying to install the splunk forwarder on a Solaris machine via CLI (Tar.Z package) and was wondering if there is any possible way to install it without root.

I am trying to set up a POC, but only SA's have root access. Not the application developers.

I know that once it is installed you can run as another user, but it looks like you have to be root to even get there.

1 Solution

Splunk Employee
Splunk Employee

When you untar the file, be sure you are untarring it an area where you have read/write permissions. Additionally, since Splunk runs on non-privileged ports, it should operate with no issues. The issue you are going to run into is that you will not be able to read the syslogs as a standard user. However, as an application developer, if you are running a sandboxed application, you direct those logs into your Splunk instance with no issues.

View solution in original post

Splunk Employee
Splunk Employee

When you untar the file, be sure you are untarring it an area where you have read/write permissions. Additionally, since Splunk runs on non-privileged ports, it should operate with no issues. The issue you are going to run into is that you will not be able to read the syslogs as a standard user. However, as an application developer, if you are running a sandboxed application, you direct those logs into your Splunk instance with no issues.

View solution in original post

Engager

You would think that after working on Solaris boxes for 5 years, and *nix for another 6 before that I would think to check the arch the package was compiled for.

For future reference, if you extract the x86_64 package and try to run it on a sparc box, it wont work.

I am wearing a dunce hat now.....

Thanks for the answer - it works when you use the right files....

0 Karma

SplunkTrust
SplunkTrust

If you're using the tarball - regardless of Unix OS - then you can run a forwarder under that user. The forwarder will only have access to read files that is equivalent to the user running it. You should be able to simply untar the forwarder .tgz into a directory and launch it.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes and swag!