All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to Grant SplunkForwarder Service Access to SQL Server

malmiran
Path Finder
‎11-18-2018 04:13 AM

I am using a Splunk add-on for Powershell to connect to SQL Server and run a T-SQL script stored in a .sql file. (For reasons I don't wanna go into right now, SQL add-on using DBConnect is not an option). Anyway, my Powershell approach works perfectly fine if I grant the NT Service\System sysadmin to SQL Server. Otherwise, I get an error saying it doesn't have the right permission to run the query. For security reasons, I really don't want to grant sysadmin to the local system account so I thought that if I create a login for the service name of the SplunkForwarder (i.e. NT Service\SplunkForwarder), I could then grant just the Splunkforwarder service elevated privs. However, I can't seem to make it work. For some reason, it ignores the permissions I grant the SplunkForwarder service name, and continues to use the security context NT Service\System.

Any ideas?

Tags (2)
Reply

jkat54
SplunkTrust
SplunkTrust
‎11-18-2018 06:38 AM

Have you tried to run your powershell script as the user you’ve created using runas or other user impersonation techniques?

0 Karma
Reply

malmiran
Path Finder
‎11-21-2018 04:37 PM

You mean to test? Yeah, I can't impersonate the local service name account (I tried). At any rate, the error I get when I remove the privilege from the SYSTEM account indicates that is what the Splunkforwarder is using.

I'll close this thread. For now, I'm OK with granting SYSTEM view access to SQL given the SQL login already exists.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎11-18-2018 06:37 AM

Did you restart the forwarder service after changing the runas account in services.msc?

0 Karma
Reply

malmiran
Path Finder
‎11-21-2018 04:30 PM

Yep, I did. Definitely not that. 🙂

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...