Is there a way to skip the authentication requirement when a universal forwarder is installed?

pdantuuri0411
Explorer

Whenever a new universal forwarder is installed, authentication is required, which by default is admin/changeme.

Is there a way to skip this authentication process every time a new forwarder is installed?

Regards,
Pradeep

woodcock
Esteemed Legend

Yes, you can pass it the GENRANDOMPASSWORD=1 argument (Windows) OR --gen-and-print-passwd argument (*nix) to the installer and it will generate a random password which you do not need to capture/remember (it is easy enough to reset/override if you need to later).
Also, you can supply the credentials (either in the clear or hashed) using $SPLUNK_HOME/etc/system/local/user-seed.conf and using the --no-prompt command line option when running the first time:

[user_info]
USERNAME = admin
PASSWORD =
HASHED_PASSWORD =

Or use --seed-passwd OR --gen-and-print-passwd (mentioned earlier) as part of the arguments. Either way the documentation is found here:
https://docs.splunk.com/Documentation/Splunk/latest/Security/Secureyouradminaccount#Create_admin_cre...


pdantuuri0411
Explorer

Thank you @woodcock for the reply.

Where should the argument be passed? We usually just unzip the tar file to install the forwarder.

Regards

woodcock
Esteemed Legend

See my updated answer, @pdantuuri0411, and come back and click Accept to close the question.
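
For a tarball install like the one asked about above, the seed file has to be in place before the first `splunk start`. The following is an added example, not code from the thread or from Splunk: the helper names `write_user_seed` and `first_start`, the `/opt/splunkforwarder` path and the tarball name are assumptions, and `--accept-license --answer-yes` are flags the thread does not mention.

```shell
#!/bin/sh
# Added example; write_user_seed and first_start are hypothetical helper names.

# write_user_seed SPLUNK_HOME USERNAME HASHED_PASSWORD
# Seeds the admin account with a pre-hashed password so no cleartext
# credential is written to disk. Run as the account that will run splunkd.
write_user_seed() {
    home=$1; user=$2; hash=$3
    conf="$home/etc/system/local/user-seed.conf"

    if [ -z "$home" ] || [ -z "$user" ] || [ -z "$hash" ]; then
        echo "usage: write_user_seed SPLUNK_HOME USERNAME HASHED_PASSWORD" >&2
        return 2
    fi
    # The seed file is only read while no etc/passwd exists yet.
    if [ -e "$home/etc/passwd" ]; then
        echo "$home/etc/passwd exists; user-seed.conf would be ignored" >&2
        return 1
    fi
    # Assumption: the hash is crypt-style ("$6$..."), as `splunk hash-passwd` prints.
    case $hash in
        '$'*) ;;
        *) echo "refusing value that does not look like a hash" >&2; return 1 ;;
    esac

    mkdir -p "$home/etc/system/local" || return 1
    # Create the file owner-only; the chmod covers a pre-existing file.
    ( umask 077 && printf '[user_info]\nUSERNAME = %s\nHASHED_PASSWORD = %s\n' \
        "$user" "$hash" > "$conf" ) || return 1
    chmod 600 "$conf"
}

# First start without the interactive credential prompt.
first_start() {
    "$1/bin/splunk" start --accept-license --answer-yes --no-prompt
}

# Typical sequence (path and tarball name are placeholders):
#   tar -xzf splunkforwarder-<version>.tgz -C /opt
#   write_user_seed /opt/splunkforwarder admin "$HASH"  # HASH from `splunk hash-passwd`
#   first_start /opt/splunkforwarder
```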
