I am running Splunk for OSSEC, v4. OSSEC 2.5.1 is installed and running on the same server as Splunk. I originally started Splunk as root with
but then decided I wanted to run it as a non-root user (splunk user). I chown'ed the entire /opt/splunk directory as the splunk user and then restarted Splunk. When I go to Searches & Reports > Utilities > Initialize OSSEC Server Lookup Table, and/or Rebuild Table, I get these errors:
Whats the best way to "clear" everything out and start fresh? Seems like I need to delete this lookup table and start over. Any help is appreciated.
asked 28 Jun '11, 09:47
The simplest thing would be to open the file in a text editor and replace its contents with:
Then, run the
answered 28 Jun '11, 19:24