Splunk forwarder in ubuntu
I have installed Ubuntu & Kali on VirtualBox. I have installed the DVWA application on Ubuntu, and now I have to install the Splunk forwarder on Ubuntu and capture the DVWA application logs. When I attack the DVWA application via the Kali VM, alerts + logs have to be generated and sent to the Windows 10 host where I installed Splunk, meaning sent directly to Splunk on Windows 10. I wanted to know how to install the Splunk forwarder, how to configure the input config file and the output config file, and how to add the monitor command. I have tried installing the Splunk forwarder but am facing difficulty.
Kindly connect and let me know.
https://www.linkedin.com/in/shadoww-jin-b1b71a192/
@nwuest Great and detailed answer!
@shadowit .. this may be a biiig task (for a newbie).. you will need to go through it step by step.. (it will be an easy task for a Splunk admin actually)..
As you are a Linux-comfortable guy, it's not a big and difficult task. Please check the Ubuntu Universal Forwarder installation, as listed above. On your progress, if you are stuck, please let us know. Thanks.
Sekar
PS - If this or any post helped you in any way, please consider upvoting. Thanks for reading!
Hi @shadowit,

Kali VM: Your attack platform

Ubuntu VM: DVWA application
Splunk Universal Forwarder is installed on the Ubuntu machine
- "i wanted to know how to install splunk forwarder"
  Check out the following link: Install the universal forwarder on Linux
- ".. how to configure an output config file"
  Check out the following link: Configure forwarding with outputs.conf
  ** This is to be configured on the Splunk Universal Forwarder
- Add-on App "Install the *nix app on the Ubuntu VM"
  Check out the following link: Splunk Add-on for Unix and Linux
  This app will help monitor some applicable logs that will be useful for monitoring your activities with the Kali VM attacking the DVWA.
- "how to add monitor command"
  Check out the following link: Monitor files and directories with the CLI
  This will help you monitor other log files not covered by the *nix app from point 3.

Windows 10: Splunk Enterprise instance set up as an Indexer
Splunk Enterprise installed as an Indexer/SearchHead
- Add-on question "How to install Splunk Enterprise"
  Check out the following link: Windows installation instructions
  Follow these instructions to set up the Windows 10 machine as an Indexer.
- "how to configure input config file"
  Check out the following link: Configure your inputs
  ** This is to be configured on the Splunk Enterprise instance set up as an Indexer

We do hope this helps get you on your way @shadowit, do let us know your progress and if this has helped.

V/R,
nwuest
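The answer above points at the documentation for outputs.conf, inputs.conf and the `add monitor` CLI command without showing what the resulting forwarder-side configuration looks like for this lab. The script below is an added example, not code from the thread or from Splunk; it renders the two files that go on the Ubuntu VM and prints the equivalent CLI commands. Everything lab-specific in it is an assumption: the Windows 10 indexer is reachable at 192.168.56.1 (a VirtualBox host-only network) on the default receiving port 9997, the Universal Forwarder is installed in /opt/splunkforwarder, DVWA is served by Apache so its logs are under /var/log/apache2, and the events go to an index named `dvwa`. The sourcetypes `access_combined` and `apache_error` are Splunk's built-in pretrained sourcetypes.

```shell
#!/usr/bin/env bash
# Added example (not from the thread or from Splunk docs): render the
# forwarder-side outputs.conf and inputs.conf for the DVWA lab and list the
# CLI equivalents. All host names, paths and the index name are assumptions.
INDEXER_HOST="${INDEXER_HOST:-192.168.56.1}"   # Windows 10 host on the host-only network
INDEXER_PORT="${INDEXER_PORT:-9997}"           # Splunk's default receiving port
FWD_HOME="${FWD_HOME:-/opt/splunkforwarder}"   # default Universal Forwarder install path
DVWA_INDEX="${DVWA_INDEX:-dvwa}"               # create this index on the indexer first

# outputs.conf: where the forwarder ships events (lives on the Ubuntu VM).
render_outputs_conf() {
  cat <<EOF
[tcpout]
defaultGroup = dvwa_indexers

[tcpout:dvwa_indexers]
server = ${INDEXER_HOST}:${INDEXER_PORT}
EOF
}

# inputs.conf: which files the forwarder tails (lives on the Ubuntu VM).
# Events addressed to an index that does not exist on the indexer are dropped,
# so create "dvwa" under Settings > Indexes on Windows before forwarding.
render_inputs_conf() {
  cat <<EOF
[monitor:///var/log/apache2/access.log]
sourcetype = access_combined
index = ${DVWA_INDEX}
disabled = 0

[monitor:///var/log/apache2/error.log]
sourcetype = apache_error
index = ${DVWA_INDEX}
disabled = 0
EOF
}

# Write both files into a directory. For a live install pass
# "$FWD_HOME/etc/system/local" and restart the forwarder afterwards.
write_local_confs() {
  local dest="$1"
  mkdir -p "$dest"
  render_outputs_conf > "$dest/outputs.conf"
  render_inputs_conf  > "$dest/inputs.conf"
}

# The same result through the forwarder CLI ("add monitor" is the command the
# question asks about). Printed rather than executed: it needs root and a
# real installation.
print_cli_steps() {
  cat <<EOF
# On the Windows 10 indexer first: Settings > Forwarding and receiving >
# Configure receiving > add port ${INDEXER_PORT}, and allow inbound TCP ${INDEXER_PORT} in the Windows firewall.
sudo ${FWD_HOME}/bin/splunk add forward-server ${INDEXER_HOST}:${INDEXER_PORT}
sudo ${FWD_HOME}/bin/splunk add monitor /var/log/apache2/access.log -sourcetype access_combined -index ${DVWA_INDEX}
sudo ${FWD_HOME}/bin/splunk add monitor /var/log/apache2/error.log -sourcetype apache_error -index ${DVWA_INDEX}
sudo ${FWD_HOME}/bin/splunk restart
# Check: the indexer should be listed under "Active forwards".
sudo ${FWD_HOME}/bin/splunk list forward-server
EOF
}

# With --install on the Ubuntu VM the files are written into the forwarder;
# with no argument the script only previews what would be written.
if [ "${1:-}" = "--install" ]; then
  write_local_confs "${FWD_HOME}/etc/system/local"
else
  render_outputs_conf; echo; render_inputs_conf; echo; print_cli_steps
fi
```

Once the forwarder is restarted, confirm on the Windows side with a search such as `index=dvwa sourcetype=access_combined` before generating any traffic from Kali; if nothing arrives, the usual causes are the receiving port not enabled on the indexer, the Windows firewall blocking TCP 9997, or the `dvwa` index not existing yet.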
