Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- SplunkWebにローカルIPアドレスでアクセスできない
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SplunkWebにローカルIPアドレスでアクセスできない
こんにちは。
自宅環境にSplunk Enterprise 7.3のトライアル版をインストールしました。
環境:Windows Server 2019 Essencial (192.168.0.x)
Active Directory
インストールしたのは一台だけで、Forwarder等は使用していません。
SplunkWebにアクセスするときに以下のアドレスだと正しく接続できます。
しかし、本来そのサーバが持っているIPアドレスやホスト名ではアクセスできずタイムアウトしてしまいます。
ほかのクライアントから上記のアドレスでアクセスしてもやはりSplunkの画面は表示されません。
これはなぜでしょうか。
おそらく、何かの設定が足りないためだとは思うのですが。
アドバイスをお願いします。
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I allowed Windows Firewall port 8000.
And I got firewall log.
Then at local server browser I accessed https://192.168.0.8:8000.
This browser access was timeout. And in firewall log access log didn't remain.
I think before Windows firewall allow or block, browser access is being blocked by anyone.
But I don't know local access is denied without Windows firewall.
I use Windows defender.
I don't use firewall application without it.
What does stop browser access in local server.
Who do have any idea?
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you sure you're not using any proxy server? (Is this your home setup or a company network?)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for replying.
No. I don't use proxy server.
My server is in my home. Windows Server is one and Windows clients are two.
Own server cannot access local IP address, and my clients too.
And my router doesn't become proxy server.
I will try when I access 192.168.0.8 from my client pc, server's firewall access log is written or not.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1. Most people don't speak Japanese here 😉
2. 7.3 is a relatively old version. Are you sure you meant that one? Not 9.3?
3. Regardless, if you can connect to localhost on port 8000 it seems that your Splunk instance is running. If you cannot connect from remote it means that either the splunkd.exe is listening on loopback interface only (which you can verify with netstat -an -p tcp) or you are unable to reach the server on a network level (which - depending on your network setup - means either filtering connections with windows firewall or problems with routing or filtering on your router).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you repling, Rick.
I don't little write English.
But I'll Challange.
I misstake Splunk version.
Not 7.3 but 9.3.1
Why do my splunkd loopbacked?
I install splunk-9.3.1-0b8d769cb912-x64-release.msi and I don't change settings perhaps.
In this server I hit netstat.
the result is next.
C:\>netstat -an -p tcp
アクティブな接続
プロトコル ローカル アドレス 外部アドレス 状態
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:88 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:464 0.0.0.0:0 LISTENING
TCP 0.0.0.0:593 0.0.0.0:0 LISTENING
TCP 0.0.0.0:636 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING
TCP 0.0.0.0:4112 0.0.0.0:0 LISTENING
TCP 0.0.0.0:4430 0.0.0.0:0 LISTENING
TCP 0.0.0.0:4649 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8089 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8191 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49671 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49672 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49674 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49677 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49681 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49697 0.0.0.0:0 LISTENING
TCP 0.0.0.0:51142 0.0.0.0:0 LISTENING
TCP 0.0.0.0:62000 0.0.0.0:0 LISTENING
TCP 127.0.0.1:53 0.0.0.0:0 LISTENING
TCP 127.0.0.1:8000 127.0.0.1:59455 ESTABLISHED
TCP 127.0.0.1:8000 127.0.0.1:59484 ESTABLISHED
TCP 127.0.0.1:8065 0.0.0.0:0 LISTENING
TCP 127.0.0.1:8089 127.0.0.1:60730 ESTABLISHED
TCP 127.0.0.1:8089 127.0.0.1:62099 TIME_WAIT
TCP 127.0.0.1:8191 127.0.0.1:53438 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53439 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53443 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53448 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53501 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53504 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53506 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53508 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53509 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53510 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53511 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:53512 ESTABLISHED
TCP 127.0.0.1:8191 127.0.0.1:58525 ESTABLISHED
TCP 127.0.0.1:53422 0.0.0.0:0 LISTENING
TCP 127.0.0.1:53422 127.0.0.1:53473 ESTABLISHED
TCP 127.0.0.1:53426 0.0.0.0:0 LISTENING
TCP 127.0.0.1:53438 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53439 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53443 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53448 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53473 127.0.0.1:53422 ESTABLISHED
TCP 127.0.0.1:53501 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53504 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53506 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53508 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53509 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53510 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53511 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:53512 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:58525 127.0.0.1:8191 ESTABLISHED
TCP 127.0.0.1:59455 127.0.0.1:8000 ESTABLISHED
TCP 127.0.0.1:59484 127.0.0.1:8000 ESTABLISHED
TCP 127.0.0.1:60730 127.0.0.1:8089 ESTABLISHED
TCP 127.0.0.1:61987 127.0.0.1:8089 TIME_WAIT
TCP 192.168.0.8:53 0.0.0.0:0 LISTENING
TCP 192.168.0.8:139 0.0.0.0:0 LISTENING
TCP 192.168.0.8:445 192.168.0.1:51760 ESTABLISHED
TCP 192.168.0.8:445 192.168.0.44:59017 ESTABLISHED
TCP 192.168.0.8:4649 192.168.0.44:59008 ESTABLISHED
TCP 192.168.0.8:58220 20.198.118.190:443 ESTABLISHED
TCP 192.168.0.8:59051 20.194.180.207:443 ESTABLISHED
TCP 192.168.0.8:59103 3.216.246.128:443 ESTABLISHED
TCP 192.168.0.8:59125 50.16.88.233:443 ESTABLISHED
TCP 192.168.0.8:59149 54.228.78.235:443 ESTABLISHED
TCP 192.168.0.8:59174 151.101.193.140:443 ESTABLISHED
TCP 192.168.0.8:59204 151.101.193.140:443 ESTABLISHED
TCP 192.168.0.8:59207 35.186.194.58:443 ESTABLISHED
TCP 192.168.0.8:59218 151.101.193.140:443 ESTABLISHED
TCP 192.168.0.8:59261 34.149.224.134:443 ESTABLISHED
TCP 192.168.0.8:59275 151.101.228.157:443 ESTABLISHED
TCP 192.168.0.8:59297 54.228.78.235:443 ESTABLISHED
TCP 192.168.0.8:59301 151.101.129.181:443 TIME_WAIT
TCP 192.168.0.8:59507 184.72.249.85:443 ESTABLISHED
TCP 192.168.0.8:60773 104.26.13.205:443 TIME_WAIT
TCP 192.168.0.8:60785 23.50.118.133:443 ESTABLISHED
TCP 192.168.0.8:60829 34.107.204.85:443 TIME_WAIT
TCP 192.168.0.8:60851 13.225.183.97:443 ESTABLISHED
TCP 192.168.0.8:60887 172.66.0.227:443 TIME_WAIT
TCP 192.168.0.8:60994 18.154.132.17:443 TIME_WAIT
TCP 192.168.0.8:61016 34.66.73.214:443 ESTABLISHED
TCP 192.168.0.8:61027 3.226.63.48:443 ESTABLISHED
TCP 192.168.0.8:61047 35.186.224.24:443 ESTABLISHED
TCP 192.168.0.8:61050 34.117.162.98:443 TIME_WAIT
TCP 192.168.0.8:61074 34.111.113.62:443 ESTABLISHED
TCP 192.168.0.8:61099 107.178.240.89:443 ESTABLISHED
TCP 192.168.0.8:61108 35.244.154.8:443 ESTABLISHED
TCP 192.168.0.8:61109 107.178.254.65:443 ESTABLISHED
TCP 192.168.0.8:61111 34.98.64.218:443 ESTABLISHED
TCP 192.168.0.8:61184 20.198.118.190:443 ESTABLISHED
TCP 192.168.0.8:61212 151.101.1.140:443 ESTABLISHED
TCP 192.168.0.8:61412 35.163.74.134:443 ESTABLISHED
TCP 192.168.0.8:61452 35.163.74.134:443 ESTABLISHED
TCP 192.168.0.8:61986 65.9.42.42:443 TIME_WAIT
TCP 192.168.0.8:62010 65.9.42.42:443 TIME_WAIT
TCP 192.168.0.8:62030 65.9.42.42:443 TIME_WAIT
TCP 192.168.0.8:62043 65.9.42.42:443 TIME_WAIT
TCP 192.168.0.8:62056 65.9.42.28:443 TIME_WAIT
TCP 192.168.0.8:62079 192.168.0.8:443 TIME_WAIT
TCP 192.168.0.8:62080 192.168.0.8:62000 TIME_WAIT
TCP 192.168.0.8:62082 65.9.42.62:443 TIME_WAIT
TCP 192.168.0.8:62098 65.9.42.62:443 TIME_WAIT
TCP 192.168.0.8:62103 13.107.21.239:443 ESTABLISHED
TCP 192.168.0.8:62104 13.107.21.239:443 ESTABLISHED
TCP 192.168.0.8:62117 65.9.42.62:443 TIME_WAIT
Why is 80xx ports "ESTABLISHED"?
It must appear "LISTENING", don't it?
How can I change the status?
Tell me please.
Thank you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No worries, I suppose your attempts at English are better than my Japanese.
Loopback is a name for a virtual network interface that every networked host has - it's an interface used by software to talk to other components on the same host (that's the one having 127.0.0.1 address).
Anyway.
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING
This line says that your port 8000 is listening on 0.0.0.0, which means that it should be reachable from everywhere. (if the connections are not filtered on other layers).
So you have to check your windows firewall - as far as I remember windows server by default blocks pretty much of incoming communication so you might need to create a rule to open traffic from the network to local 8000 port.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi PickleRick.
Thank you for your advice.
Certainly my server's access is blocked.
PS C:\> Test-NetConnection 127.0.0.1 -port 8000
ComputerName : 127.0.0.1
RemoteAddress : 127.0.0.1
RemotePort : 8000
InterfaceAlias : Loopback Pseudo-Interface 1
SourceAddress : 127.0.0.1
TcpTestSucceeded : True
PS C:\> Test-NetConnection 192.168.0.8 -port 8000
警告: TCP connect to (192.168.0.8 : 8000) failed
ComputerName : 192.168.0.8
RemoteAddress : 192.168.0.8
RemotePort : 8000
InterfaceAlias : Ethernet0
SourceAddress : 192.168.0.8
PingSucceeded : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False
Then I tried to desable Windows Firewall.
But I cannot access at host IP address.
PS C:\> Get-NetFirewallProfile
Name : Domain
Enabled : False
DefaultInboundAction : NotConfigured
DefaultOutboundAction : NotConfigured
AllowInboundRules : NotConfigured
AllowLocalFirewallRules : NotConfigured
AllowLocalIPsecRules : NotConfigured
AllowUserApps : NotConfigured
AllowUserPorts : NotConfigured
AllowUnicastResponseToMulticast : NotConfigured
NotifyOnListen : True
EnableStealthModeForIPsec : NotConfigured
LogFileName : %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogMaxSizeKilobytes : 4096
LogAllowed : False
LogBlocked : False
LogIgnored : NotConfigured
DisabledInterfaceAliases : {NotConfigured}
Name : Private
Enabled : False
DefaultInboundAction : NotConfigured
DefaultOutboundAction : NotConfigured
AllowInboundRules : NotConfigured
AllowLocalFirewallRules : NotConfigured
AllowLocalIPsecRules : NotConfigured
AllowUserApps : NotConfigured
AllowUserPorts : NotConfigured
AllowUnicastResponseToMulticast : NotConfigured
NotifyOnListen : False
EnableStealthModeForIPsec : NotConfigured
LogFileName : %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogMaxSizeKilobytes : 4096
LogAllowed : False
LogBlocked : False
LogIgnored : NotConfigured
DisabledInterfaceAliases : {NotConfigured}
Name : Public
Enabled : False
DefaultInboundAction : NotConfigured
DefaultOutboundAction : NotConfigured
AllowInboundRules : NotConfigured
AllowLocalFirewallRules : NotConfigured
AllowLocalIPsecRules : NotConfigured
AllowUserApps : NotConfigured
AllowUserPorts : NotConfigured
AllowUnicastResponseToMulticast : NotConfigured
NotifyOnListen : False
EnableStealthModeForIPsec : NotConfigured
LogFileName : %systemroot%\system32\LogFiles\Firewall\pfirewall.log
LogMaxSizeKilobytes : 4096
LogAllowed : False
LogBlocked : False
LogIgnored : NotConfigured
DisabledInterfaceAliases : {NotConfigured}
Do you think other reasons?
AppDynamics Summer Webinars
SOCin’ it to you at Splunk University
Credit Card Data Protection & PCI Compliance with Splunk Edge Processor
