Deployment Architecture

SSH login gets disabled whenever Splunk forwarder starts

New Member

Dear Concern,

We have a distributed Splunk environment, where we forward data to the indexer via heavy forwarders. We also have a deployment server which controls the operation as well as the changes done on all forwarders centrally.

We came across one strange issue: we received a couple of fresh new boxes, and when we install forwarders on them, after a few seconds, when they sync back to the deployment server, we are not able to SSH to those servers from the deployment servers.

So, whenever we start the splunkd service on those servers, SSH login gets disabled from the deployment server. We need this connectivity to push new config changes and for management purposes.

SSH login is not allowed until we kill the Splunk forwarder service.

Let me know if anyone has faced the same issue. Let me know if you need anything more here...

Thanks in Advance.

0 Karma

Path Finder

I would recommend always running Splunk as the Splunk user. This way Splunk is controlled by a completely different user than everything else in the system. Make sure to have all files and directories set to splunk for the user owner and splunk for the group owner.

This should make it so the Splunk service does not affect any other service on the system.

0 Karma

Path Finder

What user do you have Splunk UF running as?

0 Karma

New Member

We used the Jboss user across the environment and have passwordless auth everywhere.

0 Karma