Hello all,
I think I need help on this one....
We have a standalone Windows system which is our indexer, management and deployment server. In the field, we have several flavors of devices running universal forwarders, i.e. Windows, Linux, Solaris, etc.
I am working on a directory monitor which will allow me to see what files are in a directory and report if one is missing or the like.
To test this, I created a scripted input to gather the contents of the directory and forward it to the indexer.
inputs.conf
###### Scripted Input to monitor directory files
[script://./bin/dircontents.sh]
disabled = 0
interval = 60
sourcetype = Script:dircontents.sh
index = filewatch
props.conf
[Script:dircontents.sh]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
MAX_EVENTS = 10000
TRUNCATE = 0
DATETIME_CONFIG = CURRENT
dircontents.sh
cd /u01/DeticaHome/UI/data/acquisition/waiting
ls | sort
With those config files, I deploy the app without issue, but when the script runs I get the following:
index=_internal
07-23-2020 09:30:47.841 -0500 ERROR ExecProcessor - message from "/opt/splunkforwarder/etc/apps/_server_app_Detica-File-Processing-Mon/bin/dircontents.sh" /bin/sh: /opt/splunkforwarder/etc/apps/_server_app_Detica-File-Processing-Mon/bin/dircontents.sh: cannot execute
It appears the permissions of the script are not correct. I checked and the deployed script, dircontents.sh, has permissions of 655 at deployment. I changed the permissions to 755 manually and the script took off and started working, but this was a manual intervention which is not optimal.
The Universal forwarder was installed and running as root.
To get this right, I need 755 permissions on the script for the scripted input.
What have I missed? Any insight would be great at this point.
Thanks in advance,
Rcp
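A check for the condition diagnosed in the post above, as an added example that is not part of the thread and not Splunk tooling: it reads an app's inputs.conf and reports every scripted input whose script cannot be executed, which is what produces the ExecProcessor "cannot execute" error. The function names and the sample app are constructed for illustration; only `./` (app-relative) and absolute stanza targets are resolved, and the result reflects the account running the check, so run it as the account the forwarder runs as.

```shell
#!/bin/sh
# Added example, not code from the thread. Lists scripted inputs in an app's
# inputs.conf whose script the current user cannot execute.

# check_app APP_DIR: prints "NOT_EXECUTABLE <path>", "MISSING <path>" or
# "UNRESOLVED <stanza target>" per problem; returns 1 if any, else 0.
check_app() {
    app=$1
    findings=$(
        for conf in "$app/default/inputs.conf" "$app/local/inputs.conf"; do
            [ -f "$conf" ] || continue
            # Pull the target out of stanza headers such as
            # [script://./bin/dircontents.sh]; tolerate CRLF line endings.
            tr -d '\r' < "$conf" |
            sed -n 's|^[[:space:]]*\[script://\(.*\)][[:space:]]*$|\1|p' |
            while IFS= read -r target; do
                case $target in
                    ./*) path=$app/${target#./} ;;   # relative to the app dir
                    /*)  path=$target ;;             # absolute path
                    *)   printf 'UNRESOLVED %s\n' "$target"; continue ;;
                esac
                if [ ! -f "$path" ]; then
                    printf 'MISSING %s\n' "$path"
                elif [ ! -x "$path" ]; then
                    printf 'NOT_EXECUTABLE %s\n' "$path"
                fi
            done
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_app DIR: constructed sample app; one script lacks the x bit.
make_sample_app() {
    mkdir -p "$1/local" "$1/bin"
    printf '%s\n' '[script://./bin/dircontents.sh]' 'interval = 60' \
        '[script://./bin/ok.sh]' 'interval = 60' > "$1/local/inputs.conf"
    printf '#!/bin/sh\nls | sort\n' > "$1/bin/dircontents.sh"
    printf '#!/bin/sh\ntrue\n' > "$1/bin/ok.sh"
    chmod 644 "$1/bin/dircontents.sh"   # constructed "deployed without x" case
    chmod 755 "$1/bin/ok.sh"
}

# Usage: sh check_scripted_inputs.sh <app directory> [<app directory> ...]
for a in "$@"; do check_app "$a"; done
```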
Hi
If I recall right, you cannot use a Windows DS for Linux/Unix (other than Windows) UFs. Vice versa it’s OK.
You must switch your DS to Linux server to deploy all needed environments.
R. Ismo
What mechanism does this though? Linux would not create a file with X set. The UF, though, might add that permission afterwards, I'd imagine.
The DS is a Windows system and you cannot set execute permissions on Windows files. Once it gets deployed the UF gives it a 655 permission set. How do I get around that?
I have kicked off the process and should have an AWS Linux system up soon. I'll install Splunk Enterprise and configure it as my deployment server.
Thanks for all the help.
So,
Linux DS -> Windows UF = OK
Linux DS -> Solaris UF = OK
Windows DS -> Windows UF = OK
Windows DS -> Solaris UF = BAD
Windows DS -> Linux UF = BAD
Is this what I am to understand?
Well, that is rather unfortunate. I'll start seeing what I can do to spin up a Linux system.
Let me know if I am off base.
That’s correct!