goglsong.blogg.se

Splunk server conf













To make sure that root partition is not running out of space, the following settings are required

Make sure that the index airlock already exists in your Splunk server configuration.

Configure logging for Splunk universal forwarder

  • Open the file /opt/splunkforwarder/etc/system/local/nf and append the following monitoring points in the configuration file.
  • SslCertPath = /opt/splunkforwarder/etc/auth/server.pem
    SslRootCAPath = /opt/splunkforwarder/etc/auth/cacert.pem
    # vi /opt/splunkforwarder/etc/system/local/nf
    Change the parameter with the appropriate value (e.g.


  • Create the configuration file /opt/splunkforwarder/etc/system/local/nf with the content shown below.
  • # vi /opt/splunkforwarder/etc/system/local/nf
    Configure the Splunk Universal Forwarder to send the correct data to the Splunk server.
  • Open the file /opt/splunkforwarder/etc/system/local/nf in vi and search for section.
  • If they are not configured properly, change the parameter with Airlock's FQDN (e.g.
    The following parameters should be detected and configured automatically after the first start of Splunk daemon.
    # /opt/splunkforwarder/bin/splunk enable boot-start -user splunk
  • Execute the following commands as root in a shell:
    # /opt/splunkforwarder/bin/splunk start --accept-license

    The steps below describe how to start Splunk daemon to create default configuration files and enable Splunk Universal Forwarder to start on system startup.


    # /usr/bin/yum -y install splunkforwarder


    Open a secure shell to Airlock, log in as user root and perform the following steps (according to this article):

    # airlock-custom-repo -update

    Copy the Splunk Universal Forwarder to /var/airlock/repositories/airlock-custom/Packages/ using scp.

    To create this installation guide, version "splunkforwarder-6.0-182037-linux-2.6-x86_64.rpm" has been used.

    Use the version "2.6+ kernel Linux distributions (64-bit)".

    Download Splunk Universal Forwarder from the Splunk website.

    This allows a smooth integration into the Splunk server.

    This article describes the necessary steps to install and configure the Splunk Universal Forwarder on Airlock.

    Splunk is a powerful solution that lets you generate graphs, reports, alerts, dashboards and visualizations.













