Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Does FIPS apply to forwarders?

DaClyde
Contributor
‎02-06-2015 01:44 PM

I have now re-installed Splunk on both my search head and indexer to enable FIPS, and after a maddening week of frustration, finally have them talking to each other again. Now I need to get my forwarders secured with their own certificates. Does the same splunk-launch.conf edit to enable FIPS apply to the forwarders like it does to the indexer and search head?

The documentation relating to the FIPS implementation is frustratingly sparse.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jworthington_sp
Splunk Employee
Splunk Employee
‎02-06-2015 02:29 PM

Yes, you should be able to use the exact same process (re-install, make launch.conf edit) on your forwarders to turn on FIPs and get everything communicating properly.

And thanks for pointing out that the FIPs docs could use a little improvement, I'll get to work on those improvements.

Thanks!

View solution in original post

Reply
Solved! Jump to solution

dolivasoh
Contributor
‎02-06-2015 02:30 PM

It's safe to assume it does. Forwarders as just scaled down versions of Splunk so the configurations are mostly universal.

0 Karma
Reply
Solved! Jump to solution
Solution

jworthington_sp
Splunk Employee
Splunk Employee
‎02-06-2015 02:29 PM

Yes, you should be able to use the exact same process (re-install, make launch.conf edit) on your forwarders to turn on FIPs and get everything communicating properly.

And thanks for pointing out that the FIPs docs could use a little improvement, I'll get to work on those improvements.

Thanks!

Reply
Solved! Jump to solution

jworthington_sp
Splunk Employee
Splunk Employee
‎02-09-2015 04:14 PM

To the best of my knowledge, you must reinstall. I'm not aware of anyone else having success otherwise, so it remains our best practice for the moment. I'm glad you were able to get it up and running successfully! For purposes of improving the docs, I'll definitely investigate some of the information you've provided.

Glad it worked, thanks for letting us know!

Reply
Solved! Jump to solution

DaClyde
Contributor
‎02-09-2015 02:21 PM

I re-installed one of my forwarders, enabled FIPS and everything is fine. On a second, instead of re-installing, I just tried enabling FIPS, adding my certs and restarting the service, and I can't tell any difference. By all appearances, it is now using FIPS, is talking to my deployment server and is forwarding to my indexer.

Does enabling FIPS require a re-install on a forwarder, or can it simply be enabled? I guess I'm curious as to what the change is that requires the reinstall when enabling FIPS. Need I even have re-installed Splunk on my search-head and indexer? The documentation just says it is necessary, but doesn't give any rationale.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...