- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: Splunk UBA Installation
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I am trying to install the latest version of baremetal uba on rhel 7.8.
I have followed the requirements and steps mentioned in splunk docs.
When I ran the pre check script, i noticed the following:
/var/log symlinks: 13 <= expecting 14; verify missing link
... 'containers' symlink not found
It looks like the containers folder was not created in the /var/log folder
it also showed me this:
/var/log perm/owner: lrwxrwxrwx. 1 root root 23 Feb 3 12:58 /var/log/kafka -> /var/vcap/sys/log/kafka <= issue with one (or more) log sub-directories
The owner for this should be caspida:caspida correct?
Also showed me this:
interface: '<%' <== system.network.interface value in /etc/caspida/local/conf/uba-site.properties does not match 'eth0'
Splunk docs mentioned If the network interface is not the default eth0, edit configuration file /etc/caspida/local/conf/uba-site.properties and add the following entry with the corresponding interface:
system.network.interface=<interface>
My nic is already eth0
Any assistance will be appreciated..
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you already completed the installation of UBA or are you simply running the pre-check script for the first time prior to installation?
If prior to installation, some errors are expected. See the relevant docs here:
https://docs.splunk.com/Documentation/UBA/5.0.4/Install/CheckSystemStatus
You might see errors related to file-based configurations. Those configurations happen after setup, so you can ignore those errors when running the script before setting up Splunk UBA.
I recently completed a UBA clustered setup on RHEL. I don't recall whether we saw the symlink or /var/log errors, but I do remember seeing the eth0 error. That eth0 message went away after installation.
If you haven't installed yet, I think you are likely safe to proceed. Run the script again after installation to verify everything is set up correctly.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you Plz share installation files for UBA?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you already completed the installation of UBA or are you simply running the pre-check script for the first time prior to installation?
If prior to installation, some errors are expected. See the relevant docs here:
https://docs.splunk.com/Documentation/UBA/5.0.4/Install/CheckSystemStatus
You might see errors related to file-based configurations. Those configurations happen after setup, so you can ignore those errors when running the script before setting up Splunk UBA.
I recently completed a UBA clustered setup on RHEL. I don't recall whether we saw the symlink or /var/log errors, but I do remember seeing the eth0 error. That eth0 message went away after installation.
If you haven't installed yet, I think you are likely safe to proceed. Run the script again after installation to verify everything is set up correctly.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
