Getting Data In
Highlighted

What is the security measures that i should take when introducing universal forwarder on a production environment?

Builder

Hello Splunkies,

I need to know what are the security measures that is should take if i want to introduce universal forwarder on a production environment to forward data to splunk instance on another machine.

Thanks,
Roy

Tags (1)
Highlighted

Re: What is the security measures that i should take when introducing universal forwarder on a production environment?

Ultra Champion

You may want to encrypt the log traffic with proper SSL-keys, and not the ones that come by default.

Change the splunk password from 'changeme' into something else.

You might consider Forwarder Acknoledgement, to ensure that data gets written to index.

http://docs.splunk.com/Documentation/Splunk/latest/Security/WhatyoucansecurewithSplunk

/K

View solution in original post

Highlighted

Re: What is the security measures that i should take when introducing universal forwarder on a production environment?

SplunkTrust
SplunkTrust
Highlighted

Re: What is the security measures that i should take when introducing universal forwarder on a production environment?

Champion

Its worth adding that if you install Splunk via the rpm on linux it will handle this for you