Splunk
If you forward data to Splunk, then check the permissions to the Logs directory to make sure that the forwarder can access the logs.
The logs are located in the directory: /opt/ihub/log. For the directory log, the permissions required are Read and eXecute and the logs require Read permission. The Splunk Forwarder will need to traverse the directory to search for the logs, therefore eXecute permission is required.
Depending on the setup, the permissions required can be different. For different setups, see the details below:
- Splunk running as root user – If Splunk is running as root user, then no changes will be required. The root user will have access to the Insight Logs regardless of whether Hub is running as a root user or a non-root user.
- Hub and Splunk running as non-root user – If Hub is running as a non-root user then a group would have been created as per the previous section Installation steps for Linux. The non-root user can start and stop Hub and Configuration Tool services. The Splunk Forwarder user can be added to that group. Once this is done, the Splunk Forwarder will need to be restarted for the new permissions to take effect.
- Hub running as root but Splunk running as non-root user – If Hub is running as root user but Splunk is not, then the permissions for all users will need to be configured. A system admin will need to change the permissions on the /opt/ihub/log directory to have Read and eXecute access for OTHER (All Users). For example ‘drwxrwxr-x’. This can be done with the chmod command.