Hi,
I have installed Splunk Enterprise Server and forwarder on two different Windows machines.
I would like to configure my forwarder to monitor the logs on a Linux machine without installing the forwarder on that machine. Is that allowed in Splunk? Could you please direct me to the right documentation on this?
Ex:
Windows Machine A - Splunk Enterprise Server
Windows Machine B - Forwarder installed and mapped to Machine A
Linux Machine C - Actual Server that needs to be monitored in Splunk
Thanks
The Splunk forwarder needs to be able to see the log files from the filesystem. So if you can mount the Linux filesystem so that it can be read from Windows Machine B, then it might work okay. The account that is running the forwarder on Windows Machine B may need elevated domain privileges to access the files from Linux Machine C. Performance might not be great, as you are reaching across the network to monitor files.
If that doesn't work, then you might be forced to follow the Splunk Best Practice: install a forwarder on Linux Machine C.
Also, the forwarder on any machine should run with the fewest privileges possible. On Linux Machine C, the forwarder could run as any user that has sufficient privileges to read the log files. root should not be used and no domain privileges will be needed by the forwarder on Linux Machine C.
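The answer above describes two things a practitioner has to actually do on Linux Machine C: point the forwarder at the log directory, and make sure the unprivileged service account it runs as can read those files without being root. The script below is an added example, not code from the original thread or from Splunk; it assumes a hypothetical service account `splunkfwd` and a hypothetical log directory `/var/log/myapp`, and it uses POSIX ACLs (`setfacl`) rather than group changes so the forwarder account gets read-only access and nothing more.

```shell
#!/bin/sh
# Added example, not part of the original thread. Assumed names:
#   splunkfwd       - unprivileged account the forwarder runs as (hypothetical)
#   /var/log/myapp  - directory of logs to monitor (hypothetical)

# Print an inputs.conf [monitor://] stanza for a log path. The resulting
# text goes into $SPLUNK_HOME/etc/system/local/inputs.conf (or an app).
inputs_stanza() {
  path="$1"; index="$2"; sourcetype="$3"
  printf '[monitor://%s]\ndisabled = false\nindex = %s\nsourcetype = %s\n' \
    "$path" "$index" "$sourcetype"
}

# List the files directly under a directory that the *current* user cannot
# read. Run it as the forwarder account before starting the forwarder, e.g.
#   sudo -u splunkfwd sh check_fwd_access.sh
# Returns 0 when everything is readable, 1 when at least one file is not.
unreadable_logs() {
  dir="$1"; rc=0
  for f in "$dir"/*; do
    [ -e "$f" ] || continue
    if [ ! -r "$f" ]; then
      printf '%s\n' "$f"
      rc=1
    fi
  done
  return $rc
}

# Grant read-only access with ACLs instead of running as root or adding the
# account to a broad admin group. Must be run once as root. The default ACL
# on the directory makes rotated/new log files inherit the read permission.
grant_read_acl() {
  user="$1"; dir="$2"
  setfacl -m "u:${user}:rx" "$dir"          # traverse + list the directory
  setfacl -m "u:${user}:r" "$dir"/*         # read existing log files
  setfacl -d -m "u:${user}:r" "$dir"        # future files inherit read
}

# Typical sequence on Linux Machine C (assumed names, see above):
#   grant_read_acl splunkfwd /var/log/myapp                # as root, once
#   sudo -u splunkfwd sh -c '. ./this.sh; unreadable_logs /var/log/myapp'
#   inputs_stanza /var/log/myapp main myapp:log >> .../local/inputs.conf
```

The same `unreadable_logs` check is the first thing to run on Windows Machine B if you try the mounted-filesystem route: run it (or its PowerShell equivalent) as the forwarder's service account against the mounted path, because the forwarder will silently skip files that account cannot open.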