Re: "Can't create directory" on add monitor

davisyoshida · ‎02-19-2014

I am running the command
sudo -u splunk ./splunk add monitor /var/log/

When I do this, I receive the error 'Can't create directory "/home/myusername/.splunk": Permission denied.' Seeing as the command is being run as the splunk user, I can't see why it would be trying to make a directory in my home directory. Why is this happening, and how can I fix it?

Trucal · ‎05-25-2015

I had the same issue using 'sudo -u splunk splunk ./splunk add monitor /var/log/' to add a monitor. I ended up adding .splunk directory to my home and running chmod 777 on it.

The add-monitor script added an authToken_servername_8089 to my normal user home directory, but owned by splunk:splunk,

mattspierce · ‎09-17-2014

When you start your forwarder do you run the init or call the program via the splunk user or the root user?. My guess would be that you called it form root and your permissions are for the root user. If you do an ls -la you can see who owns the files. I would approach the problem as user root run chown -R splunk:splunk /opt/splunkforwarder/ then ensure you start the forwarder as splunk. Your sudo -u splunk should now be able to make the necessary changes.

seandevo · ‎09-17-2014

I had the same problem, try just typing:

sudo ./splunk add monitor /var/log/

It should prompt you for root [sudo] password and then your splunk credentials that were set up. Worked for me

Good luck!

"Can't create directory" on add monitor

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?