Getting Data In

Remote Authentication - Forwarder not sending from internet to PC with DDNS

Communicator

Hello,

I am setting up a test lab with Splunk. As I have a VPS (Virtual Private Server) for web hosting I thought it would be a good idea to have some data from a source external to my LAN.

I installed the Universal Forwarder on my VPS, when doing so and setting the Indexer it would not let me enter the correct username and password so I had to set admin:changeme. On my LAN port forwarding is configured and DUC client from NO-IP is installed on the Splunk box, but nothing is being indexed.

Running a netstat on my Splunk box can see active connections from VPS to the Splunk box on port 9997, which is correct as I configured on the forwarder.

The only thing that I can think of is that auth is failing? but how can I fix this if it won't let me set the correct credentials on the forwarder? it fails straight away and looks like it doesn't even query the remote indexer.

Would appreciate any help

Thanks
Guy

0 Karma
1 Solution

Communicator

Logged in to the Universal Forwarder, then changed the password. Following this and installing the Unix app on the forwarder it worked great!

All good

View solution in original post

0 Karma

Communicator

Logged in to the Universal Forwarder, then changed the password. Following this and installing the Unix app on the forwarder it worked great!

All good

View solution in original post

0 Karma