Security

Read Access to Logs for Splunk ID on AIX

sewabal
Observer

Hi Team,

We need your help related to file permission. We are installing the spunk agent on the AIX servers to read the log files. We don't want to add Splunk ID to the group for reading access.

We are trying with ACL command such as acledit, aclput etc to provide the read access to the path of the log.

We have to try to provide access with these steps
1) export EDITOR=/usr/bin/vi
2) command: acledit dir
3) enabled
permit r-- u:abc_id
4) to provide read access recursive under dir
aclget DIRECTORY | aclput -R DIRECTORY

Question: Is there any better way to provide read access to Splunk users to historical ?

Could you please help us with how to provide the read access to all the historical files and new files with ACL?

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...