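#!/usr/bin/env bash
#-----------------------------------------------------------------------------
# Lab 2: install the Splunk Universal Forwarder on the EC2 host and point it
# at the "appliance" indexer on port 9997. Every privileged step uses sudo.
#
# The original listing carried interactive "$ " prompts, which make the file
# fail as soon as it is executed; they are removed here so it runs as a script.
#
# Review notes (lab shortcuts that must not survive into a real deployment):
#   * sslVerifyServerCert = false turns off validation of the indexer's TLS
#     certificate, so any host answering as appliance:9997 can receive the
#     forwarded logs. Set it to true and point sslRootCAPath at a CA you own.
#   * sslPassword = password is the password of Splunk's bundled default
#     server.pem; replace the certificate and its password before real use.
#   * The RPM is fetched over HTTPS but never integrity-checked; compare it
#     with the SHA-256 from the Splunk download page (placeholder below).
#-----------------------------------------------------------------------------
set -euo pipefail

# Forwarder release to install. The download URL and the on-disk file name
# both derive from this so a version bump is a single-line change.
readonly SPLUNK_UF_RPM='splunkforwarder-6.4.1-debde650d26e-linux-2.6-x86_64.rpm'
readonly SPLUNK_UF_URL="https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.4.1&product=universalforwarder&filename=${SPLUNK_UF_RPM}&wget=true"
readonly SPLUNK_LOCAL_CONF='/opt/splunkforwarder/etc/system/local'

#-----------------------------------------------------------------------------
# Install/configure dependencies, download and install Splunk.
#-----------------------------------------------------------------------------
sudo timedatectl set-timezone UTC
sudo yum -y install wget
wget -O "${SPLUNK_UF_RPM}" "${SPLUNK_UF_URL}"
# TODO(lab): verify the package before installing it, e.g.
#   printf '%s  %s\n' '<EXPECTED_SHA256>' "${SPLUNK_UF_RPM}" | sha256sum -c -
sudo rpm -ivh "${SPLUNK_UF_RPM}"

#---------------------------
# Configure Splunk.
#---------------------------
# Configure outputs. The heredoc delimiter is quoted so $SPLUNK_HOME reaches
# the file literally (Splunk expands it at runtime), which is what the
# original echo achieved with backslash escapes.
# NOTE(review): sslVerifyServerCert = false and sslPassword = password are
# lab-only settings; see the header comment.
sudo tee "${SPLUNK_LOCAL_CONF}/outputs.conf" <<'EOF'
[tcpout]
defaultGroup = dso-autolb-group
[tcpout:dso-autolb-group]
disabled = false
dropEventsOnQueueFull = 10
server = appliance:9997
sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = password
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false
useACK = false
EOF

# Configure inputs: the RailsGoat application log plus the system logs under
# /var/log. $decideOnStartup is a Splunk token and must stay unexpanded.
sudo tee "${SPLUNK_LOCAL_CONF}/inputs.conf" <<'EOF'
[default]
host = $decideOnStartup
[monitor:///home/ec2-user/railsgoat/log/]
recursive=true
[monitor:///var/log/]
recursive=true
EOF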