How to get data in from DMZ servers?

Lwoods · ‎06-14-2023

Hello,

I have a few Linux devices that are located within the DMZ. My 3 Splunk servers (Search Head, Indexer, Deployment) are inside my network. I've installed the forwarders on my dmz servers, and set up the set-poll-deployment command (myserver.com:8089) to ensure it's pointing to the deployment server. There is no communication from the dmz servers to the deployment server

I did 2 tests:

1. I was able to connect from 1 dmz server to the deployment server. Result: Connection good.

2. I was not able to connect from the deployment server to the dmz server: Result: Connection refused

Are there other options to get the dmz servers to connect?

Thanks

Lwoods · ‎06-15-2023

I had ports 8089, and 9997 opened on the firewall. What is the Linux command to test the connection from the DMZ server to the Deployment server?

richgalloway · ‎06-14-2023

There is no need for the DS to connect to the DMZ server. Forwarders always initiate communication with the DS.

You also, however, need to ensure the forwarder can communicate with the indexer.

---
If this reply helps you, Karma would be appreciated.

Lwoods · ‎06-15-2023

I had ports 8089, and 9997 opened on the firewall. What is the Linux command to test the connection from the DMZ server to the Deployment server?

richgalloway · ‎06-15-2023

You can use telnet, curl, nc, or even cat.

---
If this reply helps you, Karma would be appreciated.

How to get data in from DMZ servers?

universal forwarder

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Are you a member of the Splunk Community?

How to get data in from DMZ servers?

universal forwarder

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition