Friday, September 9, 2011

Splunk on Debian 6.0 Squeeze

Download the Splunk package from the website (you have to register first):

wget -O splunk-4.2.3-105575-linux-2.6-intel.deb 'http://www.splunk.com/index.php/download_track?file=4.2.3/splunk/linux/splunk-4.2.3-105575-linux-2.6-intel.deb&ac=&wget=true&name=wget&typed=releases'

Install the package:

dpkg -i splunk-4.2.3-105575-linux-2.6-intel.deb


Selecting previously deselected package splunk.
(Reading database ... 22518 files and directories currently installed.)
Unpacking splunk (from splunk-4.2.3-105575-linux-2.6-intel.deb) ...
Setting up splunk (4.2.3-105575) ...
----------------------------------------------------------------------
Splunk has been installed in:
/opt/splunk

To start Splunk, run the command:
/opt/splunk/bin/splunk start

To use the Splunk Web interface, point your browser at:
http://192.168.1.1:8000

Complete documentation is at http://www.splunk.com/r/docs
----------------------------------------------------------------------



Start Splunk:

/opt/splunk/bin/splunk start
Do you agree with this license? [y/n]: y



http://192.168.1.1:8000
user: admin
pass: changeme

Enter a new password: cambiame

Download the Forwarder for Windows:

Add data
Windows event logs
Download the universal forwarder
splunkforwarder-4.2.2-101277-x86-release.msi
(Client for: Windows XP, 2003, Vista, Windows 7, 2008)

Installing the Universal Forwarder:

Next
I accept -> Next -> Next
ip: blank  port: blank (Default: 8089)
Next
192.168.1.1 (port default: 9997)
Next
Local Data Only
Application log
Next
Install
Finish



Add the port on which we will receive the data:

Manager » Forwarding and receiving » Receive data » Add New
9997 >> Save



Verify that port 9997 is listening on the server:

www:~# netstat -ano | grep 9997
tcp 0 0 0.0.0.0:9997 0.0.0.0:* LISTEN off (0.00/0/0)



If a firewall is running, add the following entries:

www:~# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 9997 -j ACCEPT
www:~# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
www:~# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8089 -j ACCEPT
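As an added example (not from the original post), a small POSIX shell script that automates the last two steps: it parses netstat-style output to confirm that the receiver port is really in LISTEN state and on which address, and it prints the subnet-restricted iptables rules for the three Splunk ports. The netstat sample and the 192.168.1.0/24 subnet are constructed to match this post.

```shell
#!/bin/sh
# Added example, not part of the original post. Checks that a Splunk port is
# in LISTEN state from netstat-style output and generates iptables rules that
# accept only the forwarder subnet on the Splunk ports.

# Constructed "netstat -ano" output, modelled on the server in this post.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:9997 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:8089 0.0.0.0:* LISTEN off (0.00/0/0)'

# port_is_listening PORT  (reads netstat output on stdin)
# Returns 0 only when a tcp socket bound to exactly that port is in LISTEN state
# (":9997$" does not match :19997 or :99970).
port_is_listening() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $4 ~ (":" p "$") && $6 == "LISTEN" { found = 1 }
        END { exit !found }'
}

# listen_address PORT  (reads netstat output on stdin)
# Prints the address the port is bound to, so you can see whether the
# management port 8089 is exposed on all interfaces (0.0.0.0) or only locally.
listen_address() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $4 ~ (":" p "$") && $6 == "LISTEN" {
            sub(":" p "$", "", $4); print $4; exit
        }'
}

# splunk_fw_rules SUBNET
# Prints the three ACCEPT rules from the post, restricted to SUBNET:
# 9997 receiver, 8000 web UI, 8089 management.
splunk_fw_rules() {
    for port in 9997 8000 8089; do
        printf 'iptables -A INPUT -s %s -p tcp --dport %s -j ACCEPT\n' "$1" "$port"
    done
}

# Stand-alone run: check the receiver port, then print the rules to apply.
run_checks() {
    if printf '%s\n' "$SAMPLE_NETSTAT" | port_is_listening 9997; then
        addr=$(printf '%s\n' "$SAMPLE_NETSTAT" | listen_address 9997)
        echo "receiver port 9997 is listening on $addr"
    else
        echo "receiver port 9997 is NOT listening" >&2
    fi
    splunk_fw_rules 192.168.1.0/24
}

run_checks
```

These ACCEPT rules only restrict access if the INPUT chain's policy (or a later rule) drops everything else; with a default ACCEPT policy they add nothing.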
