How to forward data using squid proxy from HF to indexer?

jawadkhan
Loves-to-Learn

Hi all,

I am trying to implement Splunk in a particular use case. 

Use case I am trying to implement:

HF (configured proxy) > transfer data via internet > indexer

Kindly share your knowledge. Further help would be highly appreciated. Thanks

0 Karma

PickleRick
SplunkTrust

Your description is a bit confusing. Please elaborate. What does HF have to do with squid? It's a completely separate piece of software.

What do you want to do? Set up your HF to contact your destination indexer via proxy? You want your HF to be hidden behind a reverse-proxy? Something else?

And what's the goal?

0 Karma

jawadkhan
Loves-to-Learn

So the goal I am trying to achieve is this:

I want to forward data from HF which is behind squid proxy to Indexer which is on AWS EC2.

Drill:

HF (VM) -> (TCP9997, HTTP/HTTPS 443,80) Squid proxy -> (TCP997) Indexer.

Thanks

0 Karma

PickleRick
SplunkTrust

OK. So your HF's only way to internet is via a proxy server, right?

Unfortunately, s2s is not proxyable with http proxy as far as I know. You can only use socks5 proxy.

You could try to use httpout output to send to a hec port (in fact it's a s2s embedded in http, it's not exactly a hec output as such) and inherit the general proxy settings (https://docs.splunk.com/Documentation/Splunk/9.1.0/Admin/Serverconf#Splunkd_http_proxy_configuration) but I'm not sure if it will work. But it's your only chance. If it doesn't work - you need to either open your firewall for this particular traffic directly or use socks proxy.

Anyway, if the idea behind allowing only proxied traffic is that "we will do content inspection, hurr, durr", it won't work.

0 Karma
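The two options from the reply above, written out as heavy forwarder configuration. This is an added example, not part of the original thread or Splunk's own documentation: every hostname, port, credential and token is a placeholder, and the SOCKS5 server is assumed to be a separate service, since Squid is an HTTP proxy. Whether httpout actually honours `[proxyConfig]` is untested, as the reply says.

```ini
# ---------------------------------------------------------------
# Option A: plain S2S (TCP 9997) through a SOCKS5 proxy
# File: outputs.conf on the HF
# ---------------------------------------------------------------
[tcpout]
defaultGroup = aws_indexer

[tcpout:aws_indexer]
# Indexer on EC2 (placeholder name)
server = indexer.example.com:9997
# SOCKS5 proxy reachable from the HF (placeholder host and port)
socksServer = socks.example.internal:1080
# Only needed if the SOCKS server requires authentication
socksUsername = <socks-user>
socksPassword = <socks-password>
# Let the proxy resolve the indexer name when the HF has no external DNS
socksResolveDNS = true

# ---------------------------------------------------------------
# Option B: S2S embedded in HTTP (httpout) via the HTTP proxy
# File: outputs.conf on the HF (use instead of the tcpout stanzas)
# ---------------------------------------------------------------
[httpout]
# Token of an HTTP Event Collector input on the indexer (placeholder)
httpEventCollectorToken = <hec-token>
# HEC endpoint on the indexer; 8088 is the default HEC port
uri = https://indexer.example.com:8088

# File: server.conf on the HF
# General splunkd HTTP proxy settings that httpout would have to inherit
[proxyConfig]
https_proxy = http://squid.example.internal:3128
no_proxy = localhost, 127.0.0.1, ::1
```

With option B the Squid ACLs must allow CONNECT to the HEC port, and the security group on the EC2 side must accept that port from the proxy's egress address rather than from the HF.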