
How to create a serverclass.conf file to control the configuration of the Exchange App deployment

seanyoung
Engager

I'm looking for a sample serverclass.conf file to help me create one for my Exchange 2007 and 2010 environment. I'm stuck on the "Deploying configurations for all server" section in the Splunk App for Microsoft Exchange Deploy...

yannK
Splunk Employee

Here is an example of the serverclass.conf with the 3 groups CAS-HUB-STORE

# App stanzas take the form [serverClass:<className>:app:<appName>]

# CAS classes
[serverClass:Exchange07CAS]
whitelist.0=cas01.domain.com
whitelist.1=cas02.domain.com
whitelist.2=cas03.domain.com
[serverClass:Exchange07CAS:app:fwd_exchange2007_cas]

# IIS inputs for the CAS hosts running Windows 2003
[serverClass:ExchangeWin2K3CAS]
whitelist.0=cas01.domain.com
[serverClass:ExchangeWin2K3CAS:app:fwd_win2003_iis]

# IIS inputs for the CAS hosts running Windows 2008 R2
[serverClass:ExchangeWin2K8CAS]
whitelist.0=cas02.domain.com
whitelist.1=cas03.domain.com
[serverClass:ExchangeWin2K8CAS:app:fwd_win2008r2_iis]

# HUB classes
[serverClass:Exchange07HUB]
whitelist.0=hub01.domain.com
whitelist.1=hub02.domain.com
[serverClass:Exchange07HUB:app:fwd_exchange2007_hub]
[serverClass:Exchange07HUB:app:fwd_exchange2007_forefront]

# Store classes
[serverClass:Exchange07STORE]
whitelist.0=store01.domain.com
whitelist.1=store02a.domain.com
whitelist.2=store02b.domain.com
[serverClass:Exchange07STORE:app:fwd_exchange2007_store]

# Reputation classes
[serverClass:ExchangeREP]
whitelist.0=extweb.domain.com
[serverClass:ExchangeREP:app:fwd_reputation]

mataharry
Communicator

To summarize, in your serverclass.conf:

  1. Create 3 server classes: "Exchange Client Access", "Exchange Hub Transport" and "Exchange Mailbox Store".
  2. Put the appropriate hosts in each class. It is OK if a host appears in multiple classes.
  3. Deploy the apps as follows:
     - fwd_exchange20XX_cas and fwd_win2003_iis to the CAS/Client Access servers
     - fwd_exchange20XX_hub and fwd_exchange20XX_forefront to the Hub Transports
     - fwd_exchange20XX_store to the Mailbox Store

     The additional app to deploy is fwd_reputation, which can be on any server with internet access.

Brian_Osburn
Builder

I've only done it for Exchange 2007. It may also not be the best way to do things, but this is the way I did it (note that our CAS and HUB servers are one and the same):

[global]

[serverClass:Exchange-2007-ForeFront:app:fwd_exchange2007_forefront]
stateOnClient = enabled
restartSplunkd = true

[serverClass:Exchange-2007-CasHub:app:fwd_exchange2007_cas]
stateOnClient = enabled
restartSplunkd = true

[serverClass:Exchange-2007-CasHub:app:fwd_exchange2007_hub]
stateOnClient = enabled
restartSplunkd = true

[serverClass:Exchange-2007-Store:app:fwd_exchange2007_store]
stateOnClient = enabled
restartSplunkd = true

[serverClass:Exchange-Reputation:app:fwd_reputation]
stateOnClient = enabled
restartSplunkd = true

[serverClass:Exchange-Windows-2008R2:app:fwd_win2008r2_iis]
stateOnClient = enabled
restartSplunkd = true

[serverClass:Exchange-2007-CasHub]
blacklist.0 = *
filterType = blacklist
repositoryLocation = /opt/splunk/etc/deployment-apps
whitelist.0 = pwexchhub0*

[serverClass:Exchange-2007-Store]
blacklist.0 = *
filterType = blacklist
repositoryLocation = /opt/splunk/etc/deployment-apps
whitelist.0 = pwexchmb0*

[serverClass:Exchange-Reputation]
blacklist.0 = *
filterType = blacklist
repositoryLocation = /opt/splunk/etc/deployment-apps
whitelist.0 = pwexchhub01

[serverClass:Exchange-Windows-2008R2]
blacklist.0 = *
filterType = blacklist
repositoryLocation = /opt/splunk/etc/deployment-apps
whitelist.0 = pwexchhub0*
whitelist.1 = pwexchmb0*

[serverClass:Exchange-2007-ForeFront]
blacklist.0 = *
filterType = blacklist
repositoryLocation = /opt/splunk/etc/deployment-apps
whitelist.0 = pwexchhub0*
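
Added example, not part of any post in this thread and not Splunk's own code: a Python check that parses a serverclass.conf, reports stanza headers that are neither `[serverClass:<name>]` nor `[serverClass:<name>:app:<app>]`, and resolves which apps a host would receive under the whitelist/blacklist/filterType rules described in serverclass.conf.spec. The sample config is constructed from the Exchange 2007 answer above; the function names are hypothetical, and matching on the hostname only with `fnmatch` globs is a simplifying assumption.

```python
import configparser
import re
from fnmatch import fnmatchcase

# Constructed sample modelled on the Exchange 2007 answer; the last stanza has a typo on purpose.
SAMPLE = """
[serverClass:Exchange-2007-CasHub]
blacklist.0 = *
filterType = blacklist
whitelist.0 = pwexchhub0*
[serverClass:Exchange-2007-CasHub:app:fwd_exchange2007_cas]
restartSplunkd = true
[serverClass:Exchange-2007-Store]
whitelist.0 = pwexchmb0*
[serverClass:Exchange-2007-Store:app:fwd_exchange2007_store]
[serverClass:Exchange-Reputation:apps:fwd_reputation]
"""

# Accepted header shapes: serverClass:<name> and serverClass:<name>:app:<app>
HEADER = re.compile(r"^serverClass:([^:]+)(?::app:([^:]+))?$")

def load(text):
    """Return (filter settings per class, apps per class, unrecognised headers)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep key case so filterType is found
    cp.read_string(text)
    classes, apps, bad = {}, {}, []
    for section in cp.sections():
        m = HEADER.match(section)
        if m is None:
            if section != "global":
                bad.append(section)
        elif m.group(2):
            apps.setdefault(m.group(1), []).append(m.group(2))
        else:
            classes[m.group(1)] = dict(cp[section])
    return classes, apps, bad

def matches(settings, host):
    """Apply the filterType rules: 'whitelist' (default) pulls in, 'blacklist' rules out."""
    white = any(fnmatchcase(host, v) for k, v in settings.items() if k.startswith("whitelist."))
    black = any(fnmatchcase(host, v) for k, v in settings.items() if k.startswith("blacklist."))
    if settings.get("filterType", "whitelist") == "blacklist":
        return white or not black   # matches unless blacklisted and not whitelisted
    return white and not black      # matches only if whitelisted and not blacklisted

def apps_for(text, host):
    classes, apps, _ = load(text)
    return sorted(a for c, s in classes.items() if matches(s, host) for a in apps.get(c, []))
```

Running `load()` on a config before reloading the deployment server shows any app stanza that would not bind to its server class, and `apps_for()` shows whether a wildcard such as `pwexchhub0*` reaches more hosts than intended.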

seanyoung
Engager

Thanks for the answer.
