Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

splunk 4.1.2 and selinux on RH 5

kmehta
Engager
‎05-20-2010 10:39 PM

Hi,

I am trying to start splunk on a server running RH5, and get the belowmessage re: selinux. I have tried adding the line:

export SPLUNK_IGNORE_SELINUX=1

in the file opt/splunk/etc/splunk-launch.conf, but I still get the message. Any suggestions?

Kamal...

/opt/splunk/bin/splunk start

Splunk> Take the sh out of IT.

Checking prerequisites... Checking http port [8000]: open Checking mgmt port [8089]: open Checking configuration... Done. Checking index directory... Done. Checking databases... Validated databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sample, splunklogger, summary Checking for SELinux.

Command error: Splunk will not run with SELinux enabled. If you have adjusted Splunk's security level with chcon, you can bypass this check by setting the 'SPLUNK_IGNORE_SELINUX' environment variable.

Tags (1)
Reply

sdwilkerson
Contributor
‎06-04-2010 12:53 AM

Don't forget to also set SELINUX to allow Splunk to operate properly. Here are my notes (very similar to the Splunk Docs btw) on how to do this on RHEL5:

  1. Execute the chcon command on the Splunk lib directory::
    • chcon -c -v -R -u system_u -r object_r -t lib_t $SPLUNK_HOME/lib 2>&1 > /dev/null
  2. Then, disable the check when Splunk starts up by adding the following line to $SPLUNK_HOME/etc/splunk-launch.conf:
    • SPLUNK_IGNORE_SELINUX=1
Reply

Genti
Splunk Employee
Splunk Employee
‎06-04-2010 12:48 AM

Official doc: http://www.splunk.com/base/Documentation/3.4/Installation/ConfigureSELinux

Also, dont forget to check other threads you open about the same topic 😉
http://www.splunk.com/support/forum:SplunkAdministration/4360/14300

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎05-20-2010 11:25 PM

use:

SPLUNK_IGNORE_SELINUX=1

the splunk-launch.conf file is not a shell script and export isn't recognized.

Reply

kmehta
Engager
‎05-20-2010 11:43 PM

Thanks. That works!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...