Update SELinux to allow for data collection in Splunk App for Infrastructure
Admin permissions are required to perform these steps.
Systems with SELinux enabled can sometimes have the following known issues:
- Permission denied when collectd’s logfile plugin tries to write the log.
- Blocked network connection for collectd, leading to the error CURL failed with status 7.
If SELinux is enabled, update SELinux to allow for data collection. Use one of the following two options from the command line to prevent these failures.
Option 1
1. Run the collectd domain in permissive mode to fix both the CURL and logging issues. In permissive mode, SELinux logs denials for collectd_t but does not enforce them.
semanage permissive -a collectd_t
Option 2
1. Fix the blocked network connection for collectd.
2. Fix the permission denied for the logfile plugin.
collectd’s log is also available from syslog, and should not require any changes.
- Use /var/log/collectd.log in collectd.conf for the logfile plugin.
- Create the file mypolicy.te with the following content:
module mypolicy 1.0;

require {
    type var_log_t;
    type collectd_t;
    class dir { add_name read write };
    class file { create open write };
}

#============= collectd_t ==============
allow collectd_t var_log_t:dir { add_name write };
allow collectd_t var_log_t:file open;
allow collectd_t var_log_t:file create;
- Compile mypolicy.te:
$ checkmodule -M -m -o mypolicy.mod mypolicy.te
$ semodule_package -o mypolicy.pp -m mypolicy.mod
- Apply policy package mypolicy.pp to SELinux:
$ semodule -i mypolicy.pp
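To check that the Option 2 module covers what SELinux is actually denying, the following added example (not part of the Splunk documentation) lists collectd_t AVC denials from audit log text and prints those that the mypolicy.te rules above do not allow. The sample log lines, the function names and the POLICY_ALLOWS variable are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample audit.log lines (illustrative, not captured from a real host).
SAMPLE_AUDIT='type=AVC msg=audit(1554000000.101:410): avc:  denied  { write add_name } for  pid=2101 comm="collectd" name="log" dev="dm-0" ino=67 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1554000000.102:411): avc:  denied  { create } for  pid=2101 comm="collectd" name="collectd.log" scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1554000005.300:412): avc:  denied  { name_connect } for  pid=2101 comm="collectd" dest=8088 scontext=system_u:system_r:collectd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1554000009.000:413): avc:  denied  { read } for  pid=900 comm="httpd" name="x" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0'

# Rules granted by mypolicy.te, as "permission class target_type" triples.
POLICY_ALLOWS='add_name dir var_log_t
write dir var_log_t
open file var_log_t
create file var_log_t'

# stdin: audit log text. stdout: unique triples denied to the collectd_t domain.
collectd_denials() {
    awk '
    /avc:/ && /denied/ && /scontext=[^ ]*:collectd_t:/ {
        perms = $0
        sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        tclass = ""; ttype = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^tclass=/)   tclass = substr($i, 8)
            if ($i ~ /^tcontext=/) { split(substr($i, 10), ctx, ":"); ttype = ctx[3] }
        }
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++) print p[j], tclass, ttype
    }' | LC_ALL=C sort -u
}

# stdin: audit log text. stdout: denials that mypolicy.te does not resolve.
uncovered_denials() {
    collectd_denials | while read -r triple; do
        printf '%s\n' "$POLICY_ALLOWS" | grep -qxF -- "$triple" || printf '%s\n' "$triple"
    done
}

# Demo on the constructed sample; on a host: uncovered_denials < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AUDIT" | uncovered_denials
```

On the constructed sample, the only line left over is the tcp_socket name_connect denial, which is the blocked network connection handled by step 1 of Option 2 rather than by mypolicy.te.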
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 1.2.0, 1.2.1, 1.2.2, 1.2.3