Splunk forwarder in ubuntu


i have installed Ubuntu & kali on virtualbox. i have installed DVWA application on ubuntu and now i have to install splunk forwarder in ubuntu and capture DVWA application logs when i aattack on dvwa application via kali Vm then Alerts + logs has to generated and sent to Host window 10 where i installed splunk means directly sent to splunk on window10. i wanted to know how to install splunk forwarder and how to configure input config file and output config file and how to add monitor command  and i have tried installing Splunk forwarder but facing difficulty.

Kindly connect and let me know


Labels (1)
Tags (1)

Super Champion

@nwuest Great and Detailed Answer !.. 

@shadowit .. this may be a biiig task(for a newbie).. you will need to go thru step by step.. (it will be an easy task for a splunk admin actually).. 

As you are linux comfortable guy, its not a big and difficult task. please check the ubuntu Universal Forwarder installation, as listed above. on your progress, if you are struck, please let us know. thanks. 

>>> Happy Splunking !
0 Karma

Path Finder

Hi @shadowit,

Kali VM: Your attack platform

Ubuntu VM: DVWA application
Splunk Universal Forwarder is installed on the Ubuntu machine

  1. "i wanted to know how to install splunk forwarder"
    Check out the following link: Install the universal forwarder on Linux

  2. ".. how to configure an output config file"
    Check out the following link: Configure forwarding with outputs.conf 
    ** This is to be configured on the Splunk Universal Forwarder

  3. Add-on App "Install the *nix app on the Ubuntu VM"
    Check out the following link: Splunk Add-on for Unix and Linux 
    This app will help monitor some applicable logs that will be useful to monitoring your activities with the Kali VM attacking the DVWA.
  4. "how to add monitor command"
    Check out the following link: Monitor files and directories with the CLI 
    This will help you monitor other log files not covered in the *nix app from point 3.

Windows 10: Splunk Enterprise instance set up as an Indexer
Splunk Enterprise installed as an Indexer/SearchHead

  1. Add-on question "How to install Splunk Enterprise"
    Check out the following link: Windows installation instructions 
    Follow these instructions to set up the Windows 10 machine as an Indexer
  2. "how to configure input config file"
    Check out the following link: Configure your inputs 
    ** This is to be configure on the Splunk Enterprise instance set up as an Indexer

We do hope this helps get you on your way @shadowit, do let us know your progress and if this has helped.


*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>