On August 22, 2022, the Splunk App Infrastructure will reach its end of life and Splunk will no longer maintain or develop this product.
Update SELinux to allow for data collection in Splunk App for Infrastructure
You may encounter these issues when you try to deploy collectd on a system that's running SELinux:
- collectd's LogFile plug-in doesn't have permissions to write to its log.
- collectd can't establish a network connection and you see the
CURL failed with status 7error.
If you're running SELinux and want to deploy collectd, follow one of the two following options so you don't encounter any failures.
Option 1
Run the collectd process type in permissive mode:
semanage permissive -a collectd_t
SELinux won't deny access to collectd anymore, but you may still see the SELinux denial message.
Option 2
- Fix the blocked network connection for collectd:
setsebool -P collectd_tcp_network_connect 1
- Fix the permission denied for the LogFile plug-in. collectd's log is also available from syslog, and shouldn't require any changes to access from there. Use
/var/log/collectd.logincollectd.conffor the LogFile plug-in. - Create
file mypolicy.tewith content:module mypolicy 1.0; require { type var_log_t; type collectd_t; class dir { add_name read write }; class file { create open write }; } #============= collectd_t ============== allow collectd_t var_log_t:dir { add_name write }; allow collectd_t var_log_t:file open; allow collectd_t var_log_t:file create; - Compile
mypolicy.te:$ checkmodule -M -m -o mypolicy.mod mypolicy.te $ semodule_package -o mypolicy.pp -m mypolicy.mod
- Apply the policy package
mypolicy.ppto SELinux:$ semodule -i mypolicy.pp
Last modified on 07 July, 2020
| collectd package sources, install commands, and locations | Collect Windows metrics and logs with Splunk App for Infrastructure |
This documentation applies to the following versions of Splunk® App for Infrastructure (Legacy): 2.2.0 Cloud only, 2.2.1, 2.2.3 Cloud only, 2.2.4, 2.2.5
Download manual
Feedback submitted, thanks!