25.09.2021 Saturday

Install Splunk Free On Linux


Extract the archive:

  tar xvzf splunk-8.1.0-f1-Linux-x86_64.tgz

Once done, you’ll have a new folder called ‘splunk’ in your /home directory. Now, let’s start the Splunk command-line interface (CLI) for the very first time:

  cd /home/splunk/bin/
  ./splunk start

If you do not want to read the terms, you can also start it by using.

Create a domain Windows service account for the splunk user, create a local user on Linux for splunk, and create splunk groups in the domain. Identify a SME for each technology add-on you want to deploy and feed into ES. Develop a TA for your data sources and install it on the Indexer and the Enterprise Security Search Head.

Download the latest version of OSSEC and execute the following:

  tar -zxvf ossec-hids-.tar.gz
  cd ossec-hids-.
  sudo ./install.sh

Choose the server configuration when you take this step on the Splunk server. Be sure to allow port 1514 (UDP) if you’re using your server firewall so that agents can connect.

Install Splunk Free On Linux Operating System


After a while it can get tedious to access and review server logs via the command line. There are several tools available that can provide the same information in a graphical manner. Recently I’ve migrated to Splunk as there are both Enterprise and Free versions available.

  1. Of course, you’ll need a Splunk server installed first, as the forwarder is really just another (lighter) instance that will forward the log information to a central location.
  2. Download the system appropriate installer from:
    http://www.splunk.com/download/universalforwarder
  3. Check to see if you are running a 32 or 64 bit OS:
    uname -a
    If you see i686 you are 32 bit, if x86_64 you are 64 bit!
  4. Install the downloaded package (you’ll likely need a different version):
    sudo dpkg -i splunkforwarder-6.1.3-220630-linux-2.6-intel.deb
    or
    sudo dpkg -i splunkforwarder-6.1.3-220630-linux-2.6-amd64.deb
  5. Enable auto-start on reboot:
    cd /opt/splunkforwarder/bin/
    sudo ./splunk enable boot-start
  6. Start the server:
    sudo service splunk start
  7. Set the password:

    The default ‘admin‘ password is ‘changeme‘ so we need to change it immediately to do anything else, or we will see errors in future steps.

    sudo /opt/splunkforwarder/bin/splunk edit user admin -password YOUR_NEW_PASSWORD -auth admin:changeme

  8. Set the server:
    sudo /opt/splunkforwarder/bin/splunk add forward-server YOUR_SERVER_ADDRESS:9997

    NOTE: if you get prompted for a splunk username/password you likely skipped the above step. Remember – the forwarder is a new ‘light’ installation of the server and as such has its own users!

  9. Enable some monitors on the box. Some common services and log locations to get you started:
    Apache2 HTTPd
    sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/apache2 -index main -sourcetype Apache2
    Tomcat7
    sudo /opt/splunkforwarder/bin/splunk add monitor /opt/tomcat7/logs -index main -sourcetype Tomcat7
    MySQL
    sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/mysql -index main -sourcetype MySQL
    Postfix (SMTP)
    sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/mail.log -index main -sourcetype Postfix
    Squid3 (Proxy)
    sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid/access.log -index main -sourcetype Squid3
    sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid/cache.log -index main -sourcetype Squid3
    SonarQube
    sudo /opt/splunkforwarder/bin/splunk add monitor /opt/sonar/logs -index main -sourcetype Sonar
    PM2
    sudo /opt/splunkforwarder/bin/splunk add monitor /home/{user}/.pm2/logs -index main -sourcetype PM2
    NPM
    sudo /opt/splunkforwarder/bin/splunk add monitor /home/scott/.npm/_logs -index main -sourcetype NPM
  10. (OPTIONAL) Verify the configuration by opening the following file:
    sudo su
    vi /opt/splunkforwarder/etc/apps/search/local/inputs.conf
    exit
  11. You now should be able to log into your server and see new data flowing from the forwarder.

    NOTE: this requires you to enable ‘receiving’ of data on the port specified above, usually 9997.
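As an added example (not code from the original post), a small Python checker for the inputs.conf that step 10 has you open by hand: it parses the [monitor://...] stanzas that `splunk add monitor` writes (the OpenStack script below appends stanzas of the same shape) and flags the ones that will silently forward no data, which is the usual reason "new data flowing" never appears. The sample conf and the injectable `path_exists` hook are constructed so it runs offline.

```python
import os
import re

# Constructed sample (not from the page): stanzas of the shape `splunk add monitor`
# writes; the second is disabled and the third has no sourcetype on purpose.
SAMPLE_INPUTS_CONF = """\
[monitor:///var/log/apache2]
disabled = false
index = main
sourcetype = Apache2

[monitor:///opt/tomcat7/logs]
disabled = true
index = main
sourcetype = Tomcat7

[monitor:///var/log/squid/access.log]
index = main
"""

STANZA_RE = re.compile(r"^\[monitor://(.+)\]$")

def parse_inputs_conf(text):
    """Return {path: {key: value}} for every [monitor://...] stanza."""
    monitors, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = STANZA_RE.match(line)
        if match:
            current = match.group(1)
            monitors[current] = {}
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            monitors[current][key.strip()] = value.strip()
    return monitors

def audit_monitors(monitors, path_exists=os.path.exists):
    """Flag stanzas that will silently forward nothing (disabled, or path missing on
    this host) and stanzas with no sourcetype; path_exists is injectable for testing."""
    findings = []
    for path, keys in sorted(monitors.items()):
        if keys.get("disabled", "false").lower() in ("true", "1"):
            findings.append((path, "disabled"))
        elif not path_exists(path):
            findings.append((path, "path does not exist on this host"))
        if "sourcetype" not in keys:
            findings.append((path, "no sourcetype set"))
    return findings
```

On a real forwarder, read /opt/splunkforwarder/etc/apps/search/local/inputs.conf into `parse_inputs_conf` and call `audit_monitors` with the default `path_exists`.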


REFERENCES:

splunk_install.sh
#!/bin/bash
# Make sure only root can run our script
if [ "$(id -u)" != "0" ]; then
  echo "You need to be 'root' dude." 1>&2
  exit 1
fi
clear
# setuprc is expected to define SG_SERVICE_CONTROLLER_IP (the controller's address)
. ./setuprc
echo
echo "####################################################################################################
This script is installing and configuring Splunk for ingestion of the OpenStack logs. Splunk can
be used to debug and monitor your OpenStack configuration. Access it from the following URL:
http://$SG_SERVICE_CONTROLLER_IP:8000/
####################################################################################################
"
echo
# download
wget -O splunk-6.1.3-220630-Linux-x86_64.tgz 'http://15.126.241.150/splunk-6.1.3-220630-Linux-x86_64.tgz'
# extract, move, cleanup
tar xvfz splunk-6.1.3-220630-Linux-x86_64.tgz
mv splunk /opt/splunk
rm splunk-6.1.3-220630-Linux-x86_64.tgz
# whack on inputs.conf file: one monitor stanza per OpenStack service log directory
echo '
[monitor:///var/log/keystone]
disabled = false
followTail = 0
[monitor:///var/log/nova]
disabled = false
followTail = 0
[monitor:///var/log/glance]
disabled = false
followTail = 0
[monitor:///var/log/cinder]
disabled = false
followTail = 0
[monitor:///var/log/rabbit]
disabled = false
followTail = 0
[monitor:///var/log/mongodb]
disabled = false
followTail = 0
[monitor:///var/log/ceilometer]
disabled = false
followTail = 0
[monitor:///var/log/libvirt]
disabled = false
followTail = 0
' >> /opt/splunk/etc/apps/launcher/default/inputs.conf
# Auto start Splunk on boot
/opt/splunk/bin/splunk enable boot-start --accept-license
# start splunk
/opt/splunk/bin/splunk start --accept-license
echo
echo '##########################################################################################'
echo
echo "Splunk setup complete. Continue the setup by doing a './openstack_mysql.sh'."
echo
echo '##########################################################################################'
echo