All Apps and Add-ons

Obfuscating passwords with credentials.pl and Splunk for VMware

colinj
Path Finder

Howdy all,

As I work my way through the installation and configuration documentation for Splunk for VMware I've run in to a problem. I'm trying to follow the instructions for obfuscating the passwords but I'm running in to some problems.

The instructions talk about an engine.conf file which doesn't seem to exist in version 2.0. I have an engine.template file and then all of the files that are generated by enginebuilder.py based on that template file.

Do I need to create individual credential files for each configuration file I have and then concatenate them together? Is there some way I can use the engine.template file? I've tried this and credentials.pl doesn't seem to like it.

Thoughts and suggestions are welcome

0 Karma

roychen
Path Finder

Hi,

Guess this answer is a little late, but I ran into the same problem while setting up the the FAVM for the Splunk App for VMware 2.0.

I had 4 engine*.conf files generated by enginebuilder.py:

enginetaskeventlogs.conf
engineperf.conf
engineinvvc1.conf
enginehierarchy.conf

I managed to create a combined credentials.conf file by doing:

credentials.pl -f enginetaskeventlogs.conf engineperf.conf engineinvvc1.conf enginehierarchy.conf -c

If you run credentials.pl --help, you'll see that it accepts multiple inputs.

Don't forget to remove all username and password entries from each stanza in each engine*.conf file, then restart Splunk on the FAVM.

Hope this helps!

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...