This is an old version of a script I use to install splunk forwarder on Linux (ubuntu) servers and connect up to a splunk enterprise instance and deployment server. In case this may be useful to anyone who comes across this thread in the future.

```bash
#!/bin/bash

# This will delete the installation of splunk forwarder if there already is one installed.

# Edit this section to get the most recent up to date wget command for downloading splunk forwarder

splunk start -accept-license -no-prompt -gen-and-print-passwd # generates random password for admin account

# Adds the instance of where you are going to be forwarding your logs
# (the stanza header lines did not survive the forum copy, nor did the full file names)
echo "" | sudo tee -a /opt/splunkforwarder/etc/system/local/nf
echo "defaultGroup = default-autolb-group" | sudo tee -a /opt/splunkforwarder/etc/system/local/nf
echo "[tcpout:default-autolb-group]" | sudo tee -a /opt/splunkforwarder/etc/system/local/nf
echo "disabled = false" | sudo tee -a /opt/splunkforwarder/etc/system/local/nf
echo "server = NAME_OF_YOUR_SPLUNK_SERVER:9997" | sudo tee -a /opt/splunkforwarder/etc/system/local/nf

# adds the monitoring of var/log/syslog (relatively important for monitoring linux (ubuntu) servers. optional however and can be configured
echo "" | sudo tee -a /opt/splunkforwarder/etc/system/local/nf
echo "disabled = 0" | sudo tee -a /opt/splunkforwarder/etc/system/local/nf

# adds the deployment server for managing the newly created instance (optional but definitely should use a deployment server)
echo "" | sudo tee -a /opt/splunkforwarder/etc/system/local/nf
echo "targetUri = NAME_OF_DEPLOYMENT_SERVER:8089" | sudo tee -a /opt/splunkforwarder/etc/system/local/nf
```

First things first - it's not to say that the script doesn't work or anything like that. It's just that I'm already old and grumpy and like well-written stuff so I point out what can be done better.

1) No. If it was my script and it was meant to be universal I'd do a conditional check for existence of old forwarder and a command-line switch to force removal in case of pre-existing dir.

2) Sure it doesn't, it simply connects to a server and pulls a file from there. Where are elevated privileges needed here? Nowhere. You just need to be able to write a file in the destination directory.

3) The "pretty" solution would be to use mktemp to create a temporary directory (probably somewhere in /tmp) and delete it at the end of the script. Bonus points for capturing error states and removing the package on abnormal exit (but to be quite honest I'm usually too lazy to implement it myself).

7) btool might need them (especially if you want to run it without direct sudo/su to the user running the forwarder.

So I did some tweaking with your comments and landed on this. Sometimes these credentials are nice to

I am running into an issue with enabling boot-start or doing any of the splunk restart commands. Before running, it outputs "Warning: Attempting to revert the SPLUNK_HOME ownership" and "Warning: Executing "chown -R root /opt/splunkforwarder"" before the splunk restart command - and then the restart command hangs and never finishes. Can't really seem to figure out why this is happening or if it's something I did that messed up the filesystem of the desktop I am working on.

```bash
# Comment out this section and replace with $serv and $depserv with hardcoded variables below if you choose to omit
# You also may need to change the port #'s if you chose to not use the splunk default ports in your environment
# (only these lines of the updated script survived the forum copy; the if/else branches around them did not)
read -p "Please enter the name of Splunk server you will be forwarding your logs to: " serv
read -p "Do you have a Splunk Deployment Server? (y/n) " dep
echo "Please enter 'y' for yes or 'n' for no: "
echo "User does not have a deployment server"
read -p "Enter deployment server name: " depserv

# This will check for/delete the installation of splunk forwarder if there already is one installed. allows you to run script again to reinstall
read -p "A version of Splunk is already installed. "
echo -e "\nUser chose to not overwrite existing version of Splunk\n"
sudo /opt/splunkforwarder/bin/splunk stop

wget -O splunkforwarder-9.0.0-6818ac46f2ec-Linux-x86_64.tgz "" &> /dev/null
echo -e "Failed to download file. Exiting script.\n"
echo -e "\nSplunk files successfully downloaded\n"

# Generates random password for admin account. Random password can be found in script output if you wish to take note of it

# splunk enable boot-start seems to not be working here. splunk must be stopped for it to be enabled

# Adds the monitoring of var/log/syslog (relatively important for monitoring linux (ubuntu) servers)
```
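Taking up points 1 and 3 of the reply above, plus the duplicate stanzas that repeated `tee -a` appends leave behind on a re-run, here is an added example of my own, not the poster's script: an existence check with a hypothetical `--force` switch, a mktemp working directory that is removed on any exit, and config files written whole. The file and stanza names outputs.conf, inputs.conf, deploymentclient.conf, [tcpout] and [target-broker:deploymentServer] are the standard Splunk ones and are assumed here, since the thread's copies of those paths are truncated.

```shell
#!/bin/sh
# Added example, not the poster's script: building blocks for the reviewer's
# points 1 and 3. SPLUNK_HOME and hostnames are parameters, so nothing here
# touches /opt or the network; wire these into the real download/extract steps.

# Point 1: refuse to clobber an existing forwarder unless force (1) is given.
# Returns 0 when it is safe to proceed, 1 when an install exists and force is off.
check_existing_install() {
  local home="$1" force="${2:-0}"
  if [ -d "$home" ] && [ "$force" != 1 ]; then
    # --force is a hypothetical switch name, per the reviewer's suggestion
    echo "Existing forwarder found at $home; re-run with --force to replace it" >&2
    return 1
  fi
  return 0
}

# Point 3: run a command inside a fresh mktemp directory that is removed on
# every exit of the subshell, including failure, so a half-downloaded package
# never lingers in /tmp. Returns the command's own exit status.
run_in_workdir() {
  local work
  work=$(mktemp -d "${TMPDIR:-/tmp}/splunkfwd.XXXXXX") || return 1
  ( trap 'rc=$?; rm -rf "$work"; exit $rc' EXIT; cd "$work" && "$@" )
}

# Write each config file whole instead of appending with `tee -a`, so a re-run
# cannot stack duplicate [tcpout] / [monitor] stanzas. File and stanza names are
# the standard Splunk ones (assumed here; the thread's copies are truncated).
# $1 = SPLUNK_HOME, $2 = indexer host:port, $3 = deployment server host:port or "".
render_forwarder_conf() {
  local conf="$1/etc/system/local" server="$2" depserv="${3:-}"
  mkdir -p "$conf"
  printf '[tcpout]\ndefaultGroup = default-autolb-group\n\n' > "$conf/outputs.conf"
  printf '[tcpout:default-autolb-group]\ndisabled = false\nserver = %s\n' "$server" >> "$conf/outputs.conf"
  printf '[monitor:///var/log/syslog]\ndisabled = 0\n' > "$conf/inputs.conf"
  if [ -n "$depserv" ]; then
    printf '[target-broker:deploymentServer]\ntargetUri = %s\n' "$depserv" > "$conf/deploymentclient.conf"
  else
    rm -f "$conf/deploymentclient.conf"  # no deployment server: leave no stale client stanza
  fi
}
```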