Security

Can I disable the Management Port 8089 in a Light Forwarder?

mzorzi
Splunk Employee
Splunk Employee

Due to internal secure policies the mgmPort must be disabled: I don't want anything to be able to talk through any port of my Light Forwarder, instead I want it to be an output-only box.

In term of security, if you don't use a component, always better to disable it.

Is it possible to suppress this functionality?

1 Solution

mzorzi
Splunk Employee
Splunk Employee

In the file:
$SPLUNK_HOME/etc/system/local/server.conf

add the entry:

[httpServer]
disableDefaultPort = true

Then restart Splunk.

View solution in original post

dwalgamotte
New Member

can forwarders still receive updates from the deployment server if the daemon is off?

0 Karma

yarick
Path Finder

Yes, because it is a pull-type of connection.

0 Karma

drrushi_splunk
Splunk Employee
Splunk Employee

In addition once you set 'disableDefaultPort=true' you will notice that upon start/restart Splunk will still check on the availability of the management port. This does NOT mean that it will use the port eventually.

Note: You will not be able to run successfully CLI admin commands as they retrieve information from Splunk's endpoint using the management port.

mzorzi
Splunk Employee
Splunk Employee

In the file:
$SPLUNK_HOME/etc/system/local/server.conf

add the entry:

[httpServer]
disableDefaultPort = true

Then restart Splunk.

Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...