New forwarder: An Admin password is required???

dpapenbro · ‎05-22-2018

Running V7.1, but just Installed a new forwarder and received this response: This appears to be your first time running this version of Splunk. An Admin password must be set before installation proceeds. Password must contain at least: * 8 total printable ASCII character(s). Please enter a new password: Please confirm new password:; Is this a new feature? What password is being requested?

xpac · ‎05-22-2018

From v7.1, Splunk requires you to set the admin password, because else people tend to stick with changeme 😉
You can put in whatever password you like, but make sure to remember it.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

vvedanta · ‎04-18-2019

when do we even use this forwarder admin/pass?

mikelanghorst · ‎04-18-2019

On a forwarder it's rare that I've used it, other than checking the status of the tailingProcessor and such.

https://www.splunk.com/blog/2011/01/02/did-i-miss-christmas-2.html

vvedanta · ‎04-19-2019

So its ok leave it to default in that case?

maciep · ‎04-19-2019

I would not leave it default...it may not be used often but it can be exploited for bad things. For example, somebody connecting to it with the default username/password, pointing it to a rogue deployment server, pushing down scripts to run in context of the splunk user and possibly owning the box.

On the UF's, we set a random password for the admin account and disable the management port.

Have a look at this .conf session from a couple years back:
https://conf.splunk.com/files/2016/recordings/universal-forwarder-security-dont-input-more-than-data...

New forwarder: An Admin password is required???

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!