Getting Data In

What is the security measures that i should take when introducing universal forwarder on a production environment?

royimad
Builder

Hello Splunkies,

I need to know what are the security measures that is should take if i want to introduce universal forwarder on a production environment to forward data to splunk instance on another machine.

Thanks,
Roy

Tags (1)
1 Solution

kristian_kolb
Ultra Champion

You may want to encrypt the log traffic with proper SSL-keys, and not the ones that come by default.

Change the splunk password from 'changeme' into something else.

You might consider Forwarder Acknoledgement, to ensure that data gets written to index.

http://docs.splunk.com/Documentation/Splunk/latest/Security/WhatyoucansecurewithSplunk

/K

View solution in original post

dshpritz
SplunkTrust
SplunkTrust

Drainy
Champion

Its worth adding that if you install Splunk via the rpm on linux it will handle this for you

kristian_kolb
Ultra Champion

You may want to encrypt the log traffic with proper SSL-keys, and not the ones that come by default.

Change the splunk password from 'changeme' into something else.

You might consider Forwarder Acknoledgement, to ensure that data gets written to index.

http://docs.splunk.com/Documentation/Splunk/latest/Security/WhatyoucansecurewithSplunk

/K

View solution in original post

Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.