Have you tried the fix suggested here? https://community.spiceworks.com/topic/2222892-search-adminauditlog-need-to-enable-tls-1-0-to-work-correctly
This is how (I think) I fixed this error:
Change this line in rlog.sh from:
if [ -n "`service auditd status`" -a "$?" -eq 0 ] ; then
To:
if [ -n "`service auditd status 2> /dev/null`" -a "$?" -eq 0 ] ; then
Why does this work?
Because on rhel7 the redirecting to systemctl comment is sent to stderr, which Splunk interprets as an error it should log under the ExecProcessor in splunkd.log.
Hi, I'm seeing the same issues on some rhel5 boxes that have iptables enabled.
Did you ever find a solution to this?
The bandaids I've seen suggested elsewhere are to increase net.ipv4.netfilter.ip_conntrack_max.
Have you had a look at my app (apologies for the shameless self-promotion):
http://splunk-base.splunk.com/apps/88316/dnslookup
It doesn't quite do what you're asking but it is close.
On Fedora 18 I've hit this problem as well; my workaround (that doesn't work, see additional comment below) might be helpful to some people.
I just replace the locktest (/opt/splunk/bin/locktest) with a bash script which does an 'exit 0'.
Edit: Ok, this worked for a little while and then resulted in the indexer blocking and lots of weird things happening.