

As you may have noticed, I’m not a huge fan of proprietary, closed source software. And of course I ended up having to install Splunk for a client. So here’s a few notes on what I did to get it working. I started following this guide with a few integrations here and there.

Install the Splunk Server

First thing, you need to download the server. You have to register for it (proprietary software). I got the 64bit RPM for my CentOS 7 server and installed it with

    /opt/splunk/bin/splunk --answer-yes --no-prompt --accept-license enable boot-start
    /opt/splunk/bin/splunk --answer-yes --no-prompt --accept-license start

This will automatically accept the license and set up the Splunk Server to start at boot time.

If everything worked correctly, you should be able to connect to your Splunk Server on:

If it doesn’t work, check if you have a firewall on your server machine and open port tcp/8000 if needed.

For more information on this step, I’ll refer you to the Fine Manual:

The logical next step is to configure the Splunk Server to listen for incoming logs.

Assuming you didn’t change (yet) your Splunk Server user and password, you’ll need to run:

    /opt/splunk/bin/splunk enable listen 9997 -auth admin:changeme
    /opt/splunk/bin/splunk enable deploy-server -auth admin:changeme

For more information on this step, check:

Install the Splunk Universal Forwarder on clients

Now that the server side is configured, we need to set up a client to send some logs to it.

Again, head off to the download page and grab the package you need.

For large scale deployment you might want to read about how to use nf, so you can pre-seed your installation user and password. For this quick tutorial, we’ll skip that and run directly these commands:

    yum -y install splunkforwarder-*-linux-2.6-x86_64.rpm
    /opt/splunkforwarder/bin/splunk --answer-yes --no-prompt --accept-license enable boot-start
    /opt/splunkforwarder/bin/splunk --answer-yes --no-prompt --accept-license start

Again, this will automatically accept the license and enable the forwarder at boot time.

Once the forwarder is installed, you’ll need to configure it to talk to your server.
