Find errors
To troubleshoot problems with your Splunk Enterprise for Common Criteria configuration, try the following:
- Analyze audit.log for errors:
audit2allow -r -R -t splunk_t -i audit.log -o splunk-selinux.analysis
- Check for policy denials and reset policies to be allowed as necessary. See Debug SELinux denials.
- For more information about troubleshooting SELinux, see the SELinux project site at http://selinuxproject.org.
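
The denial check above, as an added example that is not part of the Splunk documentation: a Python script that groups the AVC denials for the `splunk_t` domain in audit.log by target type and class, so you can review what each allow rule would grant before resetting any policy. The sample log lines are constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample records in the audit.log AVC format (not from a real system).
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=2210 comm="splunkd" name="messages" dev="dm-0" ino=1311 scontext=system_u:system_r:splunk_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:502): avc:  denied  { open } for  pid=2210 comm="splunkd" path="/var/log/messages" dev="dm-0" ino=1311 scontext=system_u:system_r:splunk_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.310:517): avc:  denied  { name_bind } for  pid=2210 comm="splunkd" src=8089 scontext=system_u:system_r:splunk_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000004.000:520): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/etc/shadow" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000004.000:520): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"
'''

# Captures permissions, source type, target type, class and the permissive flag.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)\S*\s+'
    r'tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+)\S*\s+'
    r'tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?'
)

def summarize_denials(log_text, domain="splunk_t"):
    """Group AVC denials whose source type is `domain` by (target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "count": 0, "enforced": 0})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("stype") != domain:
            continue
        g = groups[(m.group("ttype"), m.group("tclass"))]
        g["perms"].update(m.group("perms").split())
        g["count"] += 1
        # permissive=1: logged but not blocked. A missing flag counts as enforced.
        if m.group("permissive") != "1":
            g["enforced"] += 1
    return dict(groups)

def candidate_rules(groups, domain="splunk_t"):
    """Render each group as the allow rule it would become, for review only."""
    rules = []
    for (ttype, tclass), g in sorted(groups.items()):
        perms = " ".join(sorted(g["perms"]))
        rules.append(f"allow {domain} {ttype}:{tclass} {{ {perms} }};")
    return rules

if __name__ == "__main__":
    summary = summarize_denials(SAMPLE_AUDIT_LOG)
    for key, rule in zip(sorted(summary), candidate_rules(summary)):
        print(rule, "#", summary[key]["enforced"], "of", summary[key]["count"], "enforced")
```

Each rendered rule is a candidate to review against what Splunk Enterprise actually needs; a group with zero enforced denials was only logged in permissive mode.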
This documentation applies to the following versions of Splunk® Enterprise: 7.3.3, 7.3.4, 8.1.1, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4