Splunk Dev

Stream Addon setup with Netflow from Firewall

Crashfry
Path Finder

So I have followed the most basic steps to set up the Stream TA within our test environment, which is a single deployment instance. Set up the TA and ran the permissions file, which seemed to work fine with no errors. I moved the streamfwd.conf file into the local directory of the instance and used the local IP address, the port for receiving that Netflow will be pointing to, as well as the source being Netflow data. Restart Splunk, as it seems this is the basic setup for ingesting Netflow data that is being sent to the server. Is this a correct assumption? I notice, though, that the port that I'm assuming should be listening is not when running a netstat, and I have seen a couple of questions on here regarding this issue of the port not listening after configuration. What am I missing with this? Is there further configuration from the Splunk side to get this going?

1 Solution

Crashfry
Path Finder

Got this working. Instructions for the Stream application/addon are a bit confusing, as you have to use portions of each of the setups to get this going.

Steps:

1. Run permissions.
2. Copy the streamfwd.conf to the local directory within the addon.
3. Make configuration changes in the streamfwd.conf file for netflow.
4. Configure the http_input file for netflow using the same configuration key as the streamfwd.conf.
5. Enable netflow through the GUI in the stream app.
6. Enable stream through the output file in the default directory.

Rough steps.

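As an added example (not from the original post and not Splunk's own shipped configuration), this is the kind of NetFlow receiver stanza step 3 refers to. The key names follow the Splunk Stream documentation for NetFlow ingestion; the address, port and thread count are constructed placeholders, so check them against the streamfwd.conf.spec that ships with your Stream version before relying on them.

```ini
# streamfwd.conf, placed in the local/ directory of the Stream TA.
# Added example: key names from the Splunk Stream docs, values are placeholders.
[streamfwd]
# Interface address and UDP port the forwarder binds for NetFlow datagrams.
# Bind to the collector's own address rather than 0.0.0.0 so the listener is
# only reachable on the interface the firewall exports to.
netflowReceiver.0.ip = 192.0.2.10
netflowReceiver.0.port = 9995
# Decoder for the exported flow format (netflow covers v5/v9 and IPFIX).
netflowReceiver.0.decoder = netflow
# Worker threads for decoding; size to the export rate of the firewall.
netflowReceiver.0.decodingThreads = 4
```

After restarting Splunk, check the listener with a UDP-aware query such as `ss -lunp | grep 9995` (or `netstat -lnup`). NetFlow is UDP, and UDP sockets never show a LISTEN state in netstat output, so filtering `netstat -an` on "LISTEN" will not find the port even when the forwarder has bound it successfully; that is one common reason the port appears to be missing after configuration.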
