Splunk Installation
Posted Feb 13 by TKH Specialist in History, Logging, System Administration
Fairly short and sweet to get the agent installed; details are below.
1) Install the appropriate package from a designated and trusted source:
2) The default installation path, ${INSTALL_PATH} = /opt/splunkforwarder
3) Next, create a file with the path /opt/splunkforwarder/etc/system/local/deploymentclient.conf with the contents:
[deployment-client]

[target-broker:deploymentServer]
targetUri = splunkdeploy.uits.uconn.edu:8089
4) Run the following (supplying your own randomized password; note that it will never be used).
/opt/splunkforwarder/bin/splunk edit user admin -password 'NeverUsedButMustBeSet9x83qmw2304e9hf' -auth admin:changeme
5) Make the init script:
/opt/splunkforwarder/bin/splunk enable boot-start -user splunk
6) Set the proper permissions:
setfacl -Rm d:splunk:rwx,u:splunk:rwx /opt/splunkforwarder/var
setfacl -Rm d:splunk:rwx,u:splunk:rwx /opt/splunkforwarder/etc
7) Once created, start Splunk:
service splunk start
8) Finally, send the following information to your Splunk Admin:
- Hostname of the server
- IP of the server (both internal IP and the external IP if NAT is involved)
- Paths to be collected (with wildcards where appropriate)
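A tampered or mistyped deploymentclient.conf would point the forwarder at the wrong deployment server, so it is worth checking the file from step 3 before starting the service. The following check is an added example, not part of the original post; the function names and exit codes are assumptions made for this example, while the path and targetUri come from the steps above.

```shell
#!/bin/sh
# Added example: verify the deployment client config written in step 3.
# Usage (after sourcing this file): check_deployment_client /opt/splunkforwarder

EXPECTED_URI="splunkdeploy.uits.uconn.edu:8089"   # value from step 3

# Print the targetUri assigned inside [target-broker:deploymentServer].
# Commented-out lines and assignments in other stanzas are ignored;
# if the key is repeated, the last assignment in the stanza is reported.
get_target_uri() {
    awk '
        /^[ \t]*\[/ {
            in_stanza = ($0 ~ /^[ \t]*\[target-broker:deploymentServer\][ \t\r]*$/)
            next
        }
        in_stanza && /^[ \t]*targetUri[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            sub(/[ \t\r]+$/, "")
            uri = $0
        }
        END { if (uri != "") print uri }
    ' "$1"
}

# Exit codes (constructed for this example):
#   0 = ok, 1 = wrong or missing targetUri, 2 = file missing, 3 = world-writable
check_deployment_client() {
    conf="$1/etc/system/local/deploymentclient.conf"
    [ -f "$conf" ] || { echo "MISSING: $conf"; return 2; }

    uri=$(get_target_uri "$conf")
    if [ "$uri" != "$EXPECTED_URI" ]; then
        echo "MISMATCH: targetUri='$uri' expected '$EXPECTED_URI'"
        return 1
    fi

    # Any local user could redirect the forwarder if the file is world-writable.
    if [ -n "$(find "$conf" -perm -0002 2>/dev/null)" ]; then
        echo "UNSAFE: $conf is world-writable"
        return 3
    fi

    echo "OK: $conf -> $uri"
}
```

Run it with the install path from step 2 as the argument; a non-zero return means the file should be fixed before the service is started.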