Getting Data In

Is there a way to skip the authentication requirement when a universal forwarder is installed?

pdantuuri0411
Explorer

Whenever a new universal forwarder is installed, authentication is required which by default are admin/changeme.

Is there a way to skip this authentication process every time a new forwarder is installed?

Regards,
Pradeep

0 Karma
1 Solution

woodcock
Esteemed Legend

Yes, you can pass it the GENRANDOMPASSWORD=1 argument (Windows) OR --gen-and-print-passwd argument (*nix) to the installer and it will generate a random password which you do not need to capture/remember (it is easy enough to reset/override if you need to later).
Also, you can supply the credentials (either in the clear or hashed) using $SPLUNK_HOME/etc/system/local/user-seed.conf and using the --no-prompt command line option when running the first time:

[user_info]
USERNAME = admin
PASSWORD =
HASHED_PASSWORD =

Or use --seed-passwd OR --gen-and-print-passwd (mentioned earlier) as part of the arguments. Either way the documentation is found here:
https://docs.splunk.com/Documentation/Splunk/latest/Security/Secureyouradminaccount#Create_admin_cre...

View solution in original post

0 Karma

woodcock
Esteemed Legend

Yes, you can pass it the GENRANDOMPASSWORD=1 argument (Windows) OR --gen-and-print-passwd argument (*nix) to the installer and it will generate a random password which you do not need to capture/remember (it is easy enough to reset/override if you need to later).
Also, you can supply the credentials (either in the clear or hashed) using $SPLUNK_HOME/etc/system/local/user-seed.conf and using the --no-prompt command line option when running the first time:

[user_info]
USERNAME = admin
PASSWORD =
HASHED_PASSWORD =

Or use --seed-passwd OR --gen-and-print-passwd (mentioned earlier) as part of the arguments. Either way the documentation is found here:
https://docs.splunk.com/Documentation/Splunk/latest/Security/Secureyouradminaccount#Create_admin_cre...

0 Karma

pdantuuri0411
Explorer

Thank you @woodcock for the reply.

Where should the argument be passed? We usually just unzip the tar file to install the forwarder.

Regards

0 Karma

woodcock
Esteemed Legend

See my updated answer, @pdantuuri0411 and come back and click Accept to close the question.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...