Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is it possible to restrict or secure the license network flow from license slave to license master?

splunkreal
Motivator
‎05-11-2017 08:27 AM

Hello guys,

is it possible to restrict Splunk or the network flow from a license slave to license master?

Both licensing and Splunk API are using TCP:8089, we would like to only allow licensing network flows as the slave will be outside our organization.

Thanks.

* If this helps, please upvote or accept solution if it solved *
Reply

ischoenmaker
Explorer
‎11-07-2018 12:49 AM

So you want to allow someone to access your license but don't connect in any other way?

To make it airtight you would need something like an API gateway and only certain REST calls (regarding license) to 8089.

Things to take in consideration.
By default the LM allows any license slave that is able to connect to 8089 to use your license. May not be smart to open this for the world.

You can protect this by changing your pool to only allow predefined licenseslaves. These are identified by the machine GUID. You can either collect all the GUIDs beforehand or keep a small pool open for all slaves to connect. After one connect you can then use the GUI to add a new slave to your 'full' pool.

0 Karma
Reply

adonio
Ultra Champion
‎05-11-2017 11:08 AM

is this what you are trying to achieve? https://answers.splunk.com/answers/67/how-do-i-change-the-ports-that-splunk-listens-on.html
if i misunderstood, can you elaborate on the problem you are trying to solve?

0 Karma
Reply

splunkreal
Motivator
‎05-12-2017 12:30 AM

No, just allow license traffic not management/API. Thanks.

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply

adayton20
Contributor
‎05-12-2017 05:46 AM

Fairly certain you cannot do what you're referring to as it would involve changing the internal workings of how Splunk uses the management port to communicate between other Splunk components.

Since the slave is outside the organization, and based on your question in the title of your post, your best option would likely be encrypting that communication. You can secure the communication between the slaves and license master by configuring SSL in server.conf.
http://docs.splunk.com/Documentation/Splunk/6.6.0/Security/AboutsecuringyourSplunkconfigurationwithS...

Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...