Hardware and software requirements for the Splunk Add-on for Unix and Linux¶
The Splunk Add-on for Unix and Linux installs on Splunk instances that run on many versions of Unix, including Linux, Solaris, and AIX.
Dependencies¶
The Splunk Add-on for Unix and Linux requires these software packages to be installed on all supported Unix and Linux operating systems for scripted inputs to work:
GNU awksysstatntpdatelsofnfs-utilsbashchronyiproute/ iproute2lshw
Following are detailed requirements for the scripted inputs for each supported OS. Use your OS-specific package manager to install these packages if they are not already installed:
| Script Name | Ubuntu | Rocky | Alma | FreeBSD | RHEL | SUSE | Solaris | OEL | MacOS |
|---|---|---|---|---|---|---|---|---|---|
| cpu.sh | Package: sysstat | Package: sysstat | Package: sysstat | Package: top | Package: sysstat | Package: sysstat | Package: sysstat | Package: sysstat | Built-in tool: top |
| iostat.sh | Package: sysstat | Package: sysstat | Package: sysstat | Package: iostat | Package: sysstat | Package: sysstat | Package: sysstat | Package: sysstat | N/A |
| lastlog.sh | Package: util-linux | Package: util-linux | Package: util-linux | Package: last | Package: util-linux | Package: util-linux | Package: last | Package: util-linux | Built-in tool: last |
| lsof.sh | Package: lsof | Package: lsof | Package: lsof | Package: lsof | Package: lsof | Package: lsof | Package: lsof | Package: lsof | Built-in tool: lsof |
| netstat.sh | Package: iproute2 | Package: iproute2 | Package: iproute2 | Package: netstat, ifconfig | Package: iproute2 | Package: iproute2 | Package: netstat, ifconfig | Package: iproute2, net-tools | Built-in tool: netstat |
| VsftpdChecker.sh | Package: Vsftpd user needs to have read permission to the /etc/vsftpd/vsftpd.conf file. |
Package: Vsftpd user needs to have read permission to the /etc/vsftpd/vsftpd.conf file. |
Package: Vsftpd user needs to have read permission to the /etc/vsftpd/vsftpd.conf file. |
Package: Vsftpd user needs to have read permission to the /etc/vsftpd/vsftpd.conf file. |
Package: Vsftpd user needs to have read permission to the /etc/vsftpd/vsftpd.conf file. |
Package: Vsftpd user needs to have read permission to the /etc/vsftpd/vsftpd.conf file. |
Package: Vsftpd user needs to have read permission to the /etc/vsftpd/vsftpd.conf file. |
Package: Vsftpd user needs to have read permission to the /etc/vsftpd/vsftpd.conf file. |
Package: Vsftpd grant read permission for /usr/local/etc/vsftpd.conf |
| SshdChecker.sh | Grant permissions for /etc/ssh/sshd_config | Grant permissions for /etc/ssh/sshd_config | Grant permissions for /etc/ssh/sshd_config | Grant permissions for /etc/ssh/sshd_config | Grant permissions for /etc/ssh/sshd_config | Grant permissions for /etc/ssh/sshd_config | Grant permissions for /etc/ssh/sshd_config | Grant permissions for /etc/ssh/sshd_config | NA |
| bandwidth.sh | Package: sysstat | Package: sysstat | Package: sysstat | Package: sysstat | Package: sysstat | Package: sysstat | Package: sysstat | Package: sysstat | NA |
| df.sh | Package: coreutils | Package: coreutils | Package: coreutils | Package: df | Package: coreutils | Package: coreutils | Package: df | Package: coreutils | Built-in tools: df, mount |
| hardware.sh | Package: coreutils, net-tools, lshw | Package: coreutils, lshw | Package: coreutils, lshw | Package: sysctl, df, ifconfig, dmesg, top | Package: iproute2, net-tools, lshw | Package: iproute2, net-tools, lshw | Package: mpstat, iostat, dmesg, ifconfig | Package: iproute2, net-tools, lshw | Built-in tools: df, sysctl, system_profiler, ifconfig |
| interface.sh | Package: iproute2, net-tools | Package: iproute2, net-tools | Package: iproute2, net-tools | Package: ifconfig, netstat | Package: iproute2, net-tools | Package: iproute2, net-tools | Package: ifconfig, netstat | Package: iproute2, net-tools | Built-in tools: netstat, ifconfig |
| nfsiostat.sh | Package: nfs-common | Package: nfs-utils | Package: nfs-utils | NA | Package: nfs-utils | Package: nfs-utils | NA | Package: nfs-utils | NA |
| service.sh | Install chkconfig and use systemctl | Install chkconfig | Install chkconfig | NA | Install chkconfig | Install chkconfig | NA | Install chkconfig and use systemctl | Built-in tools: date, defaults, dscl, find, ls |
| time.sh | Package: ntpdate, date, or chronyc | Package: ntpdate, date, or chronyc | Package: ntpdate, date, or chronyc | Package: ntpdate, date | Package: ntpdate, date, or chronyc | Package: ntpdate, date, or chronyc | Package: ntpdate, date | Package: ntpdate, date, or chronyc | Install: date, ntpdate or sntp or chronyc |
| top.sh | Package: procps-ng | Package: procps-ng | Package: procps-ng | Package: prstat | Package: procps-ng | Package: procps-ng | Package: prstat | Package: procps-ng | Built-in tool: top |
| version.sh | Package: coreutils, util-linux | Package: coreutils, util-linux | Package: coreutils, util-linux | Commands: date, uname | Package: coreutils, util-linux | Package: coreutils, util-linux | Commands: date, uname | Package: coreutils, util-linux | Commands: sw_vers and oslevel |
| vmstat.sh | Package name: procps-ng and sysstat. | Package name: procps-ng and sysstat. | Package name: procps-ng and sysstat. | Package name: sysctl, vmstat and top | Package name: procps-ng and sysstat. | Package name: procps-ng and sysstat. | Package name: vmstat, prstat | Package name: procps-ng and sysstat. | NA |
| rlog.sh | Package name: auditd If you want to collect data for rlog, you need to grant the necessary permissions for the /var/log/audit/audit.log. If you are using a non-root user, data will be collected, but an error will appear in splunkd. To collect data without errors, use root user. |
Package name: auditd If you want to collect data for rlog, you need to grant the necessary permissions for the /var/log/audit/audit.log. If you are using a non-root user, data will be collected, but an error will appear in splunkd. To collect data without errors, use root user. |
Package name: auditd If you want to collect data for rlog, you need to grant the necessary permissions for the /var/log/audit/audit.log. If you are using a non-root user, data will be collected, but an error will appear in splunkd. To collect data without errors, use root user. |
NA | Package name: auditd If you want to collect data for rlog, you need to grant the necessary permissions for the /var/log/audit/audit.log. If you are using a non-root user, data will be collected, but an error will appear in splunkd. To collect data without errors, use root user. |
Package name: auditd If you want to collect data for rlog, you need to grant the necessary permissions for the /var/log/audit/audit.log. |
NA | Package name: auditd If you want to collect data for rlog, you need to grant the necessary permissions for the /var/log/audit/audit.log. If you are using a non-root user, data will be collected, but an error will appear in splunkd. To collect data without errors, use root user. |
NA |
Splunk admin requirements¶
To install and configure the Splunk Add-on for Unix and Linux, you must be a member of the admin role or if you are a member of the sc_admin role then you need to provide the capabilities edit_monitor and edit_scripted to the user/role.
Splunk platform requirements¶
Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.
- For Splunk Enterprise system requirements, see System Requirements in the Splunk Enterprise Installation Manual.
- If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.
For information about installation locations and environments, see Install the Splunk Add-on for Unix and Linux.