TOC & Recently Viewed

Recently Viewed Topics

Remove the LCE Splunk Client

Note: All shell commands need to be executed by a user with root privileges.

Steps

  1. To query the rpm database to obtain the name of the currently installed package, type rpm -qa |grep lce_.

    Example:

    # rpm -qa |grep lce_

    lce_splunk-4.6.0-el6.x86_64.rpm

  2. Type rpm -e lce_splunk.

    The Splunk Client package is removed.

    Example:

    # rpm -e lce_splunk

    warning: /opt/lce_splunk/server_assignment.xml saved as /opt/lce_splunk/server_assignment.xml.rpmsave

  3. Optionally, type rm -rf /opt/lce_splunk/ to remove the Splunk Client install directory. Configuration and log files will remain unless the directory is removed.

    An additional file, /etc/tenable_tag, will be installed with the Splunk Client if it does not already exist. This file contains a UUID that tracks all events related to the endpoint on which the client is installed. This file should only be removed if no other Tenable products are in use, and no others will be installed on the endpoint in the future.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.