Getting Data In

How do I forward to a vm and forward it out again?

wuming79
Path Finder

Hi,

How does one forward something like Sysmon from 1 VM (guest1) to another VM (guest2) and then out to another PC (outside network)?

Do I install universal forwarder and sysmon on Guest 1, and use deployment server to send out to another PC outside network?

0 Karma

wuming79
Path Finder

Is a VMware host-only guest able to forward data out to the host?

0 Karma

wuming79
Path Finder

I made a mistake installing sysmon on both my guest machines and forwarding sysmon log from guest 1 (Host-only) to guest2 (Host-only and natNetwork) and intermediately forward out to another host. I thought I was looking at the sysmon log from guest 1 but realized I'm not.

How should I set up the input.conf and output.conf on guest2??

0 Karma

adonio
Ultra Champion

Not sure how Deployment Server comes into play here.
Deployment Server controls the configurations of the forwarders (and other Splunk instances if desired).
I think the only thing you need is to verify there is a connection between all 3 machines: guest1, guest2, and PC.
Have a forwarder collect Sysmon and forward it to guest2, have guest2 listen to TCP inputs and forward out using TCP to PC.
Have the PC listen to traffic from guest2 on the desired port and you are all set.
Hope I understand the question and I am not missing something here.

0 Karma
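The three-hop chain described in the answer above, written out as forwarder configuration; this is an added example, not configuration posted by anyone in the thread. It assumes Splunk-to-Splunk forwarding on port 9997, the default Sysmon event log channel, and placeholder addresses (`GUEST2_HOST_ONLY_IP`, `PC_IP`) that you replace with your own.

```ini
# ---- guest1 (universal forwarder, host-only network) ----
# inputs.conf: collect the Sysmon channel from the local event log
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = 0

# outputs.conf: send everything to guest2 over the host-only network
[tcpout]
defaultGroup = to_guest2

[tcpout:to_guest2]
# placeholder: guest2's address on the host-only network
server = GUEST2_HOST_ONLY_IP:9997

# ---- guest2 (intermediate forwarder, host-only + NAT) ----
# inputs.conf: listen for data arriving from guest1
[splunktcp://9997]
disabled = 0
# Add no local Sysmon input here if only guest1's events are wanted;
# otherwise guest2's own Sysmon events travel down the same pipe.

# outputs.conf: relay what was received to the PC outside the VM network
[tcpout]
defaultGroup = to_pc

[tcpout:to_pc]
# placeholder: the outside PC's address, reachable via guest2's NAT interface
server = PC_IP:9997

# ---- PC (receiving Splunk instance) ----
# inputs.conf: listen for data arriving from guest2
[splunktcp://9997]
disabled = 0
```

The `host` field is set by the forwarder that first collects the event and is kept when guest2 relays it, so on the PC a search such as `source="WinEventLog:Microsoft-Windows-Sysmon/Operational" | stats count by host` shows whether the Sysmon events really originate from guest1.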

wuming79
Path Finder

Hi, thanks adonio, I realized I only need to set up a forwarder twice, on both guest machines. No need for deployment server.

0 Karma