Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About Tonyrakus
Tonyrakus
Explorer
Member since:
08-16-2020
08-20-2020
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 1 |
| Member Since | 08-16-2020 |
Activity Feed
- Got Karma for Help - Universal Forwarder / Configuration / Alerts /. 12-27-2021 12:09 AM
- Posted Re: Problem as per screen shot - 500MB min disk space reached on Getting Data In. 08-20-2020 07:25 PM
- Posted Problem as per screen shot - 500MB min disk space reached on Getting Data In. 08-20-2020 05:50 PM
- Karma Re: Help - Universal Forwarder / Configuration / Alerts / for gcusello. 08-20-2020 05:45 PM
- Posted Re: Help - Universal Forwarder / Configuration / Alerts / on Getting Data In. 08-20-2020 06:08 AM
- Posted Re: Help - Universal Forwarder / Configuration / Alerts / on Getting Data In. 08-20-2020 03:45 AM
- Posted Re: Help - Universal Forwarder / Configuration / Alerts / on Getting Data In. 08-20-2020 02:39 AM
- Posted Re: Help - Universal Forwarder / Configuration / Alerts / on Getting Data In. 08-20-2020 12:52 AM
- Posted Help - Universal Forwarder / Configuration / Alerts / on Getting Data In. 08-18-2020 11:31 PM
- Posted Re: Universal Forwarder install on Installation. 08-16-2020 11:05 PM
- Posted Re: Universal Forwarder install on Installation. 08-16-2020 10:38 PM
- Posted Universal Forwarder install on Installation. 08-16-2020 01:16 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 1 | |||
| 0 |
08-20-2020
07:25 PM
This is another screen shot of the index path the data writes to.. I need to somehow get more space..
... View more
08-20-2020
05:50 PM
Hi Guys I have Splunk enterprise installed. I have pulled across some directory's with files inside ( from Kali ). The issue is I cannot bring up the files in the search and reporting app.. I believe it is because of the Messages in the screen shot below.. which I have no idea how to fix.. even after reading some forums.. I am non IT person.. and new to Splunk. Any help would be great .
... View more
08-20-2020
06:08 AM
Thanks very much again . I will accept for people in the community. I have managed to get some folders / files etc uploaded now.. I am trying to search specific files from the directories in ( search and reports) but at this stage my key words must not be right as they are not bringing up any results. I will watch the training you suggested ( documentation) and some utube clips etc.. and will be well on my way. Thanks again .
... View more
08-20-2020
03:45 AM
Thanks very much Giuseppe. Your very helpful:) I have stopped universal forwarder running on Kali now.. I have not uninstalled it as yet as may end up forwarding from it to another splunk enterprise at some point. Last question for tonight I promise - If I now want to upload log files from Kali to splunk enterprize.... the best way of doing that is how? clicking on one of the boxes in the screen shot and going from there? In the splunk training I did it only showed how to upload data by uploading files of logs..... I guess I could send some log files from Kali to a file and then upload... but is there another real time way so I can keep the log files uploading continuously. ?
... View more
08-20-2020
02:39 AM
Hi Giuseppe Thank you. My KALI LINUX VM is 192.168.253.130, and yes Splunk Enterprize is installed there. ( VM is set to NAT) I also installed Splunk universal forwarder on the same machine . I tried to then set up the forwarder to forward traffic from Kali linux to go into splunk enterprize.... but for some reason it is showing in Splunk enterprize that a forwarder is set up from from IP 192.168.253.1 ... which I think is another VM.. ( on my main OS - windows I went into command prompt and did ipconfig.. and results are in the screen shot below). ./splunk add forward-server 192.168.253.130:9997 -auth Tonyrakus:WhistlXX82?
... View more
08-20-2020
12:52 AM
Hi GcuselloThanks for your help. I installed Splunk and universal forwarder in Kali Linux.. Then I used the below command to set up the forwarder and set up the forwarder to the below IP address and port. The IP address is the one in my Kali Linux system when I go ifconfig.... ./splunk add forward-server 192.168.253.130:9997 -auth Tonyrakus:WhistlXXXX? I go into Splunk enterprize. Settings - forwarder management.... and the following screen comes up below - I also went into Settings - Forwarding and receivig and confugure receiving .. and made receiving port is 9997.. So given this is it all configured right? I have no data in splunk though.... so now I need to figure out how to forward it.. I am wanting to forward log files... Any idea how I should do that? I appreciate your help.
... View more
08-18-2020
11:31 PM
1 Karma
Hi, I am struggling to configure Splunk forwarder to get data into splunk. I am trying to get the data ( auth.log ) sent across from a Kali linux operating system. When I configured it in kali used the below syntax ( Ip address is my KALI ip address when I ifconfig. I followed a guide online where it said to put port 11000. ./splunk add forward-server 192.168.253.XX:11000 ( note XX is not correct.. but did not want to disclose my IP on here). I then did below - ./splunk add monitor /var/log/access.log Then I restarted splunk. I then went into Splunk enterprize .. settings and then Forwarder management... I can see below - The IP address is not the same as the Kali linux VM IP.. is that normal? The first three octets are the same.. but not the fourth ( I assume it is because it is a /24 subnet). I then go into Search and reporting.. but there is no data summary or any data that come across... ?? what I am doing wrong... User-PC Apps None Server Classes None 72660893-7D38-4486-A625-A57C08C5592A User-PC 192.168.253.1 Delete Record windows-x64 0 deployed 8 minutes ago Essentially - I am playing around with a few VM's Ubunto, Windows 10, Kali Linux and trying to get the data from those VM's to splunk enterprise and play around with setting up some alerts and generate some reports. Maybe the Universal forwarder is not the best idea for what I am trying to do? I am very new at this... so any help would be great. Thanks in advance for any help
... View more
Labels
- Labels:
-
universal forwarder
08-16-2020
11:05 PM
Thank you 🙂 Do you possibly have the wget command I could use to to download the package?
... View more
08-16-2020
10:38 PM
I've tried clearing the cache, opening in incognito window and in both firefox and chrome.. and I still have the same issue.. I get splunk.com/en_us/download/universal-forwarder.html The page is blank except for the titles at the top. I believe there should be an option to choose the forwarder and the OS and then download.. but nothing.
... View more
08-16-2020
01:16 AM
Hi all. I am very new to splunk.. I am using splunk enterprize on my main OS ( windows). I am trying to set up a forwarder to send data etc from KALi and Ubunto VM's. I am trying to download the forwarder on my windows OS but when I click on DOWNLOAD now.. it just comes up with this blank screen.... rather than starting to download. Any ideas what the issue could be?
... View more
Labels
- Labels:
-
Windows
