After a while it can get tedious to access and review server logs via the command line. There are several tools available that can provide the same information in a graphical manner. Recently I've migrated to Splunk as there are both Enterprise and Free versions available.

Of course, you'll need a Splunk server installed first, as the forwarder is really just another (lighter) instance that will forward the log information to a central location.

1. Download the system-appropriate installer from:

   Check to see if you are running a 32 or 64 bit OS:

       uname -a

   If you see i686 you are 32 bit, if x86_64 you are 64 bit!

   Download, you'll likely need a different version:

       sudo dpkg -i splunkforwarder-6.1.

2. Enable auto-start on reboot:

       cd /opt/splunkforwarder/bin/

3. Start the server:

       sudo service splunk start

4. The default 'admin' password is 'changeme', so we need to change it immediately to do anything else, or we will see errors in future steps:

       sudo /opt/splunkforwarder/bin/splunk edit user admin -password YOUR_NEW_PASSWORD -auth admin:changeme

5. Set the server:

       sudo /opt/splunkforwarder/bin/splunk add forward-server YOUR_SERVER_ADDRESS:9997

   NOTE: if you get prompted for a Splunk username/password you likely skipped the above step. Remember: the forwarder is a new 'light' installation of the server and as such has its own users!

6. Enable some monitors on the box. Some common services and log locations to get you started…

   Apache2 HTTPd

       sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/apache2 -index main -sourcetype Apache2

   Tomcat7

       sudo /opt/splunkforwarder/bin/splunk add monitor /opt/tomcat7/logs -index main -sourcetype Tomcat7

   MySQL

       sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/mysql -index main -sourcetype MySQL

   Postfix (SMTP)

       sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/mail.log -index main -sourcetype Postfix

   Squid3 (Proxy)

       sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid/access.log -index main -sourcetype Squid3
       sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid/cache.log -index main -sourcetype Squid3
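
A dry-run check for the monitor step, added here as an example (it is not from the original post): it prints an `add monitor` command only for the listed log paths that exist on the box and marks the rest as skipped. The `plan_monitors` function and its optional root-prefix argument are hypothetical names introduced for this example; the paths, index and sourcetypes are the post's.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Forwarder binary location as used in the post.
SPLUNK_BIN=/opt/splunkforwarder/bin/splunk

# path|sourcetype pairs, exactly as listed in the post.
MONITORS='
/var/log/apache2|Apache2
/opt/tomcat7/logs|Tomcat7
/var/log/mysql|MySQL
/var/log/mail.log|Postfix
/var/log/squid/access.log|Squid3
/var/log/squid/cache.log|Squid3
'

# plan_monitors [ROOT]
# ROOT is a hypothetical prefix (default: empty, i.e. the real filesystem)
# so the check can be exercised against a constructed directory tree.
# Prints one "add monitor" command per path that exists, and a "# skip"
# comment line for each path that does not. Nothing is executed.
plan_monitors() {
    root=${1:-}
    printf '%s\n' "$MONITORS" | while IFS='|' read -r path stype; do
        # Ignore the blank lines around the list.
        [ -n "$path" ] || continue
        if [ -e "$root$path" ]; then
            printf 'sudo %s add monitor %s -index main -sourcetype %s\n' \
                "$SPLUNK_BIN" "$path" "$stype"
        else
            printf '# skip %s (%s): path not found\n' "$path" "$stype"
        fi
    done
}
```

Call `plan_monitors` with no argument on the forwarder host, review the printed commands, then run the ones you want.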