Security

Is it possible to restrict or secure the license network flow from license slave to license master?

splunkreal
Motivator

Hello guys,

Is it possible to restrict Splunk or the network flow from a license slave to the license master?

Both licensing and the Splunk API use TCP:8089; we would like to allow only licensing network flows, as the slave will be outside our organization.

Thanks.

* If this helps, please upvote or accept solution 🙂 *

ischoenmaker
Explorer

So you want to allow someone to access your license but not connect in any other way?

To make it airtight you would need something like an API gateway that allows only certain REST calls (regarding the license) to 8089.

Things to take into consideration:
By default the LM allows any license slave that is able to connect to 8089 to use your license. It may not be smart to open this to the world.

You can protect this by changing your pool to only allow predefined license slaves. These are identified by the machine GUID. You can either collect all the GUIDs beforehand or keep a small pool open for all slaves to connect. After one connect you can then use the GUI to add a new slave to your 'full' pool.

0 Karma
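The pool restriction described in the reply above can be checked from the license master's configuration. The following is an added example, not part of the original thread or Splunk's own code: it assumes pools are defined in `server.conf` as `[lmpool:<name>]` stanzas with a `slaves` key (`*` or a comma-separated GUID list), and the sample configuration and GUID are constructed.

```python
import configparser
import re

# Constructed sample of a license master's server.conf (not from the thread).
# Assumption: pools are [lmpool:<name>] stanzas whose "slaves" key is "*" or GUIDs.
SAMPLE_SERVER_CONF = """
[license]
active_group = Enterprise

[lmpool:auto_generated_pool_enterprise]
description = default pool, open to any peer that reaches 8089
quota = MAX
slaves = *
stack_id = enterprise

[lmpool:external_partner]
description = pool limited to known machine GUIDs
quota = 1073741824
slaves = 0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0,not-a-guid
stack_id = enterprise
"""

GUID_RE = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")

def audit_license_pools(conf_text):
    """Return {pool_name: [findings]} for every [lmpool:*] stanza with a problem."""
    # strict=False tolerates repeated stanzas; interpolation=None keeps '%' literal.
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(conf_text)
    findings = {}
    for section in parser.sections():
        if not section.startswith("lmpool:"):
            continue
        pool = section.split(":", 1)[1]
        raw = parser.get(section, "slaves", fallback="")
        members = [m.strip() for m in raw.split(",") if m.strip()]
        issues = []
        if "*" in members:
            issues.append("wildcard: any instance that can reach the port may join")
        issues += [f"not a GUID: {m}" for m in members
                   if m != "*" and not GUID_RE.match(m)]
        if issues:
            findings[pool] = issues
    return findings

if __name__ == "__main__":
    for pool, issues in audit_license_pools(SAMPLE_SERVER_CONF).items():
        for issue in issues:
            print(f"{pool}: {issue}")
```
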

adonio
Ultra Champion

Is this what you are trying to achieve? https://answers.splunk.com/answers/67/how-do-i-change-the-ports-that-splunk-listens-on.html
If I misunderstood, can you elaborate on the problem you are trying to solve?

0 Karma

splunkreal
Motivator

No, just allow license traffic, not management/API. Thanks.

* If this helps, please upvote or accept solution 🙂 *
0 Karma

adayton20
Contributor

Fairly certain you cannot do what you're referring to as it would involve changing the internal workings of how Splunk uses the management port to communicate between other Splunk components.

Since the slave is outside the organization, and based on your question in the title of your post, your best option would likely be encrypting that communication. You can secure the communication between the slaves and license master by configuring SSL in server.conf.
http://docs.splunk.com/Documentation/Splunk/6.6.0/Security/AboutsecuringyourSplunkconfigurationwithS...
