Splunk install and universal forwarder HOWTO
Splunk install and universal forwarder HOWTO using DigitalOcean droplets
Read the full article here on my website: http://bit.ly/2I4QGbe
Please note that the version number is always changing: "7.1.0-2e75b3406c5b" will be obsolete, so don't just cut and paste the commands below. When you download from splunk.com the most current version is presented; use that filename and version string in place of the ones shown here.
*******SPLUNK SERVER*******
wget -O splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.0&product=splunk&filename=splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb&wget=true'
apt install ./splunk-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb
cd /opt/splunk/bin/
./splunk start --accept-license
./splunk enable boot-start
Before running this check, enable receiving on the server (Settings > Forwarding and receiving > Receive data, or ./splunk enable listen 9997 from the same directory): a fresh indexer does not listen on 9997 out of the box, so netstat will show nothing until receiving is enabled.
netstat -auntp | grep 9997
Because the droplet's 9997 sits on a public IP, restrict it to the forwarder's address with the DigitalOcean firewall or ufw; an open receiving port lets anyone push events into your indexes. Forwarder-to-indexer traffic on 9997 is also unencrypted unless SSL is configured on both sides.
*******SPLUNK FORWARDER*******
wget -O splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.0&product=universalforwarder&filename=splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb&wget=true'
apt install ./splunkforwarder-7.1.0-2e75b3406c5b-linux-2.6-amd64.deb
cd /opt/splunkforwarder/bin/
./splunk start --accept-license
./splunk add forward-server 167.99.229.117:9997
./splunk add monitor /var/log/auth.log -sourcetype linux_secure
./splunk add monitor /var/log/syslog -sourcetype syslog
./splunk add monitor /var/log/apache/access.log -sourcetype access_combined
vi /opt/splunkforwarder/etc/system/local/inputs.conf
[monitor:///var/log/auth.log]
sourcetype=linux_secure
[monitor:///var/log/syslog]
sourcetype=syslog
/opt/splunkforwarder/bin/splunk restart
/opt/splunkforwarder/bin/splunk enable boot-start
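The forwarder steps above download a package and hand it straight to apt, then let the CLI write inputs.conf. As an added example (not part of the original HOWTO and not Splunk's own tooling), the script below wraps those steps in two checks a practitioner would want: it verifies the downloaded .deb against a SHA-512 digest file before installing it, and it renders the same [monitor://...] stanzas the add monitor commands produce so the file can be reviewed before the restart. It assumes a companion digest file named "<package>.sha512" in the OpenSSL "SHA512(<package>)= <hex>" layout (splunk.com offers such files on the download page; the exact layout is an assumption), and that sha512sum, sed, awk and tr are on the host. The /opt/splunkforwarder path and the log files are the ones used on this page.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO or of Splunk's own tooling.
# verify_sha512 checks a downloaded package against its "<package>.sha512"
# digest file (assumed to use the OpenSSL "SHA512(<package>)= <hex>" layout,
# with a fallback to the "<hex>  <file>" layout of sha512sum -c), so that a
# corrupted or swapped package never reaches apt install.
# write_inputs_conf renders the [monitor://...] stanzas that the
# "splunk add monitor" commands write, from path:sourcetype arguments.
set -eu

# verify_sha512 <package> <digest-file>
# Exit status 0 when the digest matches the package, 1 otherwise.
verify_sha512() {
  pkg="$1"; sumfile="$2"
  # OpenSSL dgst layout: SHA512(name)= <128 hex chars>
  expected=$(sed -n 's/^SHA512([^)]*)= *\([0-9A-Fa-f]\{128\}\).*/\1/p' "$sumfile" | head -n1)
  if [ -z "$expected" ]; then
    # sha512sum layout: <128 hex chars>  <name>
    expected=$(awk 'length($1)==128 {print $1; exit}' "$sumfile")
  fi
  if [ -z "$expected" ]; then
    echo "no SHA-512 digest found in $sumfile" >&2
    return 1
  fi
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  actual=$(sha512sum "$pkg" | awk '{print $1}')
  if [ "$actual" = "$expected" ]; then
    echo "OK: $pkg matches $sumfile"
    return 0
  fi
  echo "MISMATCH: $pkg does not match $sumfile; do not install it" >&2
  return 1
}

# write_inputs_conf <dest-file> <path>:<sourcetype> ...
# Overwrites <dest-file> with one monitor stanza per argument.
write_inputs_conf() {
  dest="$1"; shift
  : > "$dest"
  for spec in "$@"; do
    path="${spec%%:*}"     # text before the first colon
    st="${spec#*:}"        # text after the first colon
    printf '[monitor://%s]\nsourcetype = %s\ndisabled = false\n\n' "$path" "$st" >> "$dest"
  done
}

# count_stanzas <file>: number of [monitor://...] stanzas, a quick sanity check.
count_stanzas() {
  grep -c '^\[monitor://' "$1" || true
}

# Stand-alone use (run as root, from the directory holding the package):
#   sh splunk-uf-prep.sh splunkforwarder-<ver>-linux-2.6-amd64.deb
# With no argument only the functions are defined.
if [ -n "${1:-}" ]; then
  verify_sha512 "$1" "$1.sha512"
  apt install "./$1"
  write_inputs_conf /opt/splunkforwarder/etc/system/local/inputs.conf \
    /var/log/auth.log:linux_secure \
    /var/log/syslog:syslog \
    /var/log/apache/access.log:access_combined
  /opt/splunkforwarder/bin/splunk restart
fi
```

The digest check is the point: the wget line above fetches whatever the servlet returns, and apt install runs as root, so comparing the file against a digest taken from the download page (rather than from the same transfer) is the one supply-chain check available before the package is trusted.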
Splunk Server and Universal Forwarder HOWTO
Video "Splunk install and universal forwarder HOWTO" from the Arthur Carter channel