Installation

Splunk forwarder in Ubuntu

shadowit
Engager

I have installed Ubuntu and Kali on VirtualBox. I have installed the DVWA application on Ubuntu, and now I have to install the Splunk forwarder on Ubuntu and capture the DVWA application logs. When I attack the DVWA application from the Kali VM, alerts and logs have to be generated and sent to the host Windows 10 machine where I installed Splunk, i.e. sent directly to Splunk on Windows 10. I wanted to know how to install the Splunk forwarder, how to configure the input config file and the output config file, and how to add the monitor command. I have tried installing the Splunk forwarder but am facing difficulty.

Kindly connect and let me know:

https://www.linkedin.com/in/shadoww-jin-b1b71a192/


inventsekar
SplunkTrust

@nwuest Great and detailed answer!

@shadowit, this may be a big task (for a newbie); you will need to go through it step by step (it will actually be an easy task for a Splunk admin).

As you are a Linux-comfortable guy, it's not a big or difficult task. Please check the Ubuntu Universal Forwarder installation, as listed above. If you get stuck as you progress, please let us know. Thanks.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, please consider upvoting. Thanks for reading!

nwuest
Path Finder

Hi @shadowit,

Kali VM: Your attack platform

Ubuntu VM: DVWA application
The Splunk Universal Forwarder is installed on the Ubuntu machine.

  1. "i wanted to know how to install splunk forwarder"
    Check out the following link: Install the universal forwarder on Linux

  2. "how to configure an output config file"
    Check out the following link: Configure forwarding with outputs.conf
    ** This is to be configured on the Splunk Universal Forwarder

  3. Add-on App "Install the *nix app on the Ubuntu VM"
    Check out the following link: Splunk Add-on for Unix and Linux
    This app will help monitor some applicable logs that will be useful for monitoring your activities while the Kali VM attacks the DVWA.
  4. "how to add monitor command"
    Check out the following link: Monitor files and directories with the CLI
    This will help you monitor other log files not covered in the *nix app from point 3.

Windows 10: Splunk Enterprise instance set up as an Indexer
Splunk Enterprise installed as an Indexer/SearchHead

  1. Add-on question "How to install Splunk Enterprise"
    Check out the following link: Windows installation instructions
    Follow these instructions to set up the Windows 10 machine as an Indexer
  2. "how to configure input config file"
    Check out the following link: Configure your inputs
    ** This is to be configured on the Splunk Enterprise instance set up as an Indexer


We do hope this helps get you on your way, @shadowit; do let us know your progress and whether this has helped.

V/R,
nwuest
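As an added example (not from the thread or from Splunk's own docs), the two Universal Forwarder config files the answer above points at, generated by a small shell function: outputs.conf tells the forwarder on the Ubuntu VM where the Windows 10 indexer is, and inputs.conf sets up the monitor stanzas for the Apache logs DVWA writes to. It assumes the indexer is reachable on the VirtualBox host-only address 192.168.56.1 with the default receiving port 9997, that DVWA is served by Apache on Ubuntu, and that a "dvwa" index exists on the indexer; all three are assumptions for this lab, not values from the thread.

```shell
#!/bin/sh
# Added example: write outputs.conf and inputs.conf for a Universal Forwarder
# that ships DVWA's Apache logs from the Ubuntu VM to the Windows 10 indexer.
# Assumed lab values (edit to taste): host-only IP 192.168.56.1, port 9997,
# DVWA under Apache, and an index named "dvwa" already created on the indexer.

INDEXER="${INDEXER:-192.168.56.1:9997}"
CONF_DIR="${CONF_DIR:-/opt/splunkforwarder/etc/system/local}"

# write_uf_config DIR HOST:PORT
# Writes outputs.conf (where to send) and inputs.conf (what to monitor) into DIR.
write_uf_config() {
  dir="$1"; target="$2"
  mkdir -p "$dir"
  cat > "$dir/outputs.conf" <<EOF
[tcpout]
defaultGroup = win10_indexer

[tcpout:win10_indexer]
server = $target
EOF
  cat > "$dir/inputs.conf" <<EOF
# Apache access log: every request the Kali VM sends to DVWA ends up here
[monitor:///var/log/apache2/access.log]
sourcetype = access_combined
index = dvwa
disabled = 0

# Apache error log: PHP warnings and failed requests caused by the attacks
[monitor:///var/log/apache2/error.log]
sourcetype = apache_error
index = dvwa
disabled = 0
EOF
}

# check_uf_config DIR HOST:PORT
# Returns 0 if both files exist and contain the expected indexer and monitor stanza.
check_uf_config() {
  dir="$1"; target="$2"
  grep -q "^server = $target\$" "$dir/outputs.conf" &&
  grep -q '^\[monitor:///var/log/apache2/access.log]' "$dir/inputs.conf"
}

# Only write to the real forwarder directory when explicitly asked (needs root).
if [ "${1:-}" = "--write" ]; then
  write_uf_config "$CONF_DIR" "$INDEXER" && check_uf_config "$CONF_DIR" "$INDEXER"
fi
```

After running it with `--write`, restart the forwarder (`/opt/splunkforwarder/bin/splunk restart`) and make sure the Windows 10 instance is receiving on 9997 (Settings > Forwarding and receiving, or `splunk enable listen 9997`), which is the indexer-side inputs step in point 2 of the Windows section above. The same result can be reached with the CLI commands `splunk add forward-server 192.168.56.1:9997` and `splunk add monitor /var/log/apache2/access.log -sourcetype access_combined -index dvwa`.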
