Security

New forwarder: An Admin password is required???

dpapenbro
New Member

Running V7.1, but just installed a new forwarder and received this response:

This appears to be your first time running this version of Splunk.
An Admin password must be set before installation proceeds.
Password must contain at least:
* 8 total printable ASCII character(s).
Please enter a new password:
Please confirm new password:

Is this a new feature? What password is being requested?

0 Karma

xpac
SplunkTrust

From v7.1, Splunk requires you to set the admin password, because otherwise people tend to stick with changeme 😉
You can put in whatever password you like, but make sure to remember it.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

vvedanta
Loves-to-Learn Lots

When do we even use this forwarder admin/pass?

0 Karma

mikelanghorst
Motivator

On a forwarder it's rare that I've used it, other than checking the status of the tailingProcessor and such.

https://www.splunk.com/blog/2011/01/02/did-i-miss-christmas-2.html

0 Karma

vvedanta
Loves-to-Learn Lots

So it's OK to leave it at the default in that case?

0 Karma

maciep
Champion

I would not leave it default... it may not be used often but it can be exploited for bad things. For example, somebody connecting to it with the default username/password, pointing it to a rogue deployment server, pushing down scripts to run in the context of the splunk user and possibly owning the box.

On the UFs, we set a random password for the admin account and disable the management port.

Have a look at this .conf session from a couple years back:
https://conf.splunk.com/files/2016/recordings/universal-forwarder-security-dont-input-more-than-data...

0 Karma
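One way to apply the two measures from the answer above (random admin password, management port off) on a fresh forwarder before its first start. This is an added example, not code from the thread or from Splunk. It assumes Splunk's `user-seed.conf` (`[user_info]`) and the `disableDefaultPort` setting in `server.conf`, neither of which is named in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-seed a Universal Forwarder before its first start.
# Assumption: $1 is SPLUNK_HOME of a fresh install that has never been started.

gen_password() {
    # 32 random bytes as 64 hex characters (printable ASCII, well over 8 chars)
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

seed_admin() {   # $1 = SPLUNK_HOME
    local_dir="$1/etc/system/local"
    # user-seed.conf is only honoured while no passwd file exists yet
    if [ -e "$1/etc/passwd" ]; then
        echo "etc/passwd exists; the seed would be ignored" >&2
        return 1
    fi
    mkdir -p "$local_dir"
    # umask keeps the clear-text seed readable by the owner only
    ( umask 077
      printf '[user_info]\nUSERNAME = admin\nPASSWORD = %s\n' "$(gen_password)" \
          > "$local_dir/user-seed.conf" )
}

disable_mgmt_port() {   # $1 = SPLUNK_HOME
    conf="$1/etc/system/local/server.conf"
    mkdir -p "$(dirname "$conf")"
    # Do not append a second [httpServer] stanza to an existing file
    if [ -f "$conf" ] && grep -q '^\[httpServer\]' "$conf"; then
        echo "[httpServer] already present in $conf; merge by hand" >&2
        return 1
    fi
    printf '\n[httpServer]\ndisableDefaultPort = true\n' >> "$conf"
}

mgmt_port_disabled() {   # $1 = SPLUNK_HOME; exit 0 if the setting is in place
    grep -Eq '^[[:space:]]*disableDefaultPort[[:space:]]*=[[:space:]]*true' \
        "$1/etc/system/local/server.conf" 2>/dev/null
}
```

With the management port disabled, CLI and REST calls to the running forwarder stop working, including status checks like the one mentioned earlier in the thread.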