Friday, December 28, 2018

RHEL7 - Splunk server installation



[root@server2 network-scripts]# nmcli dev status
DEVICE       TYPE      STATE                                  CONNECTION
virbr0       bridge    connected                              virbr0
eno16780032  ethernet  connected                              ens192
eno33559296  ethernet  connected                              devi2
eno50338560  ethernet  connected                              team0-port1
eno67109888  ethernet  connected                              team0-port2
virbr0-nic   ethernet  connected                              virbr0-nic
team0        team      connected                              team0
eno83889152  ethernet  connecting (getting IP configuration)  team-port1
eno2         team      connecting (getting IP configuration)  team1
lo           loopback  unmanaged                              --
[root@server2 network-scripts]# ls -l ifcfg-devi2
-rw-r--r--. 1 root root 308 Dec 23 13:01 ifcfg-devi2
[root@server2 network-scripts]# more ifcfg-devi2
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.10.122
PREFIX=24
GATEWAY=192.168.10.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=devi2
UUID=025ddafc-d79e-4b5f-a3df-23bd9c60ba34
DEVICE=eno33559296
ONBOOT=yes
[root@server2 network-scripts]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.10.1    0.0.0.0         UG        0 0          0 eno16780032
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eno16780032
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 team0
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
[root@server2 network-scripts]# nmcli connection up devi2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/25)
[root@server2 network-scripts]# ifconfig | more


[root@server2 network-scripts]# pwd
/etc/sysconfig/network-scripts
[root@server2 network-scripts]# cd
[root@server2 ~]# ls
anaconda-ks.cfg  createusers        Downloads        random     testfile
ca.crt           createweb.sh       Music            random1    Videos
ca.csr           createweb.sh.orig  original-ks.cfg  script.sh
ca.key           Desktop            Pictures         stderr
create12         Documents          Public           Templates

[root@server2 ~]# cd Downloads/
[root@server2 Downloads]# pwd
/root/Downloads
[root@server2 Downloads]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root  8.0G  4.5G  3.6G  56% /
devtmpfs                 905M     0  905M   0% /dev
tmpfs                    921M  320K  920M   1% /dev/shm
tmpfs                    921M   64M  858M   7% /run
tmpfs                    921M     0  921M   0% /sys/fs/cgroup
/dev/sda1                497M  180M  318M  37% /boot
tmpfs                    185M   32K  185M   1% /run/user/0
tmpfs                    185M   20K  185M   1% /run/user/1000
/dev/sr0                 507M  507M     0 100% /run/media/kamal/CentOS 7 x86_64
tmpfs                    921M   76K  921M   1% /tmp
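# Note: the NOKEY warning in the output below means rpm had no public key for key ID b3cd4420 in its keyring, so the package signature was not verified. Importing the vendor's signing key with `rpm --import` and checking the file with `rpm -K` before installing closes that gap.
[root@server2 Downloads]# rpm -ivh splunk-7.2.3-06d57c595b80-linux-2.6-x86_64.rpm
warning: splunk-7.2.3-06d57c595b80-linux-2.6-x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID b3cd4420: NOKEY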
Preparing...                          ################################# [100%]
useradd: cannot create directory /opt/splunk
Updating / installing...
   1:splunk-7.2.3-06d57c595b80        ################################# [100%]
complete
[root@server2 Downloads]# ls -ld /opt/splunk
drwxr-xr-x. 8 splunk splunk 222 Dec 28 23:57 /opt/splunk
[root@server2 Downloads]# cd /opt/splunk
[root@server2 splunk]# ls
bin            license-eula.txt
copyright.txt  openssl
etc            README-splunk.txt
ftr            share
include        splunk-7.2.3-06d57c595b80-linux-2.6-x86_64-manifest
lib
[root@server2 splunk]# /opt/splunk/bin/^C
[root@server2 splunk]# cd /opt/splunk/bin/
[root@server2 bin]# ls
bloom                   jars                            scripts
bottle.py               jp.py                           scrubber.py
btool                   jsmin                           searchtest
btprobe                 locktest                        setSplunkEnv
bzip2                   locktool                        shc_upgrade_template.py
cherryd                 mongod                          signtool
classify                mongod-3.4                      slim
ColdStorageArchiver.py  mongod_cc                       splunk
coldToFrozenExample.py  node                            splunkd
copyright.txt           openssl                         splunkdj
dbmanipulator.py        parsetest                       splunkmon
exporttool              parse_xml_buckets.py            splunk-optimize
fill_summary_index.py   pcregextest                     splunk-optimize-lex
genAuditKeys.py         pid_check.sh                    srm
genRootCA.sh            python                          tarit.py
genSignedServerCert.py  python2                         tocsv.py
genSignedServerCert.sh  python2.7                       tsidxprobe
genWebCert.py           recover-metadata                tsidxprobe_plo
genWebCert.sh           rest_handler.py                 tsidx_scan.py
importtool              runScript.py                    untarit.py
installit.py            safe_restart_cluster_master.py  walklex
[root@server2 bin]# ls -l splunk
splunk               splunkdj             splunk-optimize
splunkd              splunkmon            splunk-optimize-lex
[root@server2 bin]# ls -l splunk^C
[root@server2 bin]# cp /root/
anaconda-ks.cfg    .createusers.swp   .ICEauthority      script.sh
.bash_history      createweb.sh       .lesshst           .ssh/
.bash_logout       createweb.sh.orig  .local/            stderr
.bash_profile      .cshrc             .mozilla/          .targetcli/
.bashrc            .dbus/             Music/             .tcshrc
.cache/            Desktop/           .mysql_history     Templates/
ca.crt             Documents/         original-ks.cfg    testfile
ca.csr             Downloads/         Pictures/          Videos/
ca.key             .elinks/           Public/            .xauth2PhtaQ
.config/           .esd_auth          random             .Xauthority
create12           .gnome2/           random1
createusers        .gnome2_private/   .rnd
[root@server2 bin]# cp /root/Downloads/Splunk-Enterprise-v7.1.2-x86_Technet24/
CRACK/
ReadMe.txt
splunk-7.1.2-a0c72a66db66-x86-release.msi
splunk-7.1.2-a0c72a66db66-x86-release.msi.md5
Technet24.url
[root@server2 bin]# cp /root/Downloads/Splunk-Enterprise-v7.1.2-x86_Technet24/CRACK/
adsldpc.dll                    traitor.dll
splunkEnterpriseTechnet24.lic
[root@server2 bin]# cp /root/Downloads/Splunk-Enterprise-v7.1.2-x86_Technet24/CRACK/splunkEnterpriseTechnet24.lic .
[root@server2 bin]# sp
spacewalk-channel  spdsend            spice-vdagent      split
spd-conf           speaker-test       spice-vdagentd     sprof
spd-say            speech-dispatcher  splain
[root@server2 bin]# pwd
/opt/splunk/bin
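# Note: this starts splunkd as root, although the RPM left /opt/splunk owned by the splunk user (see the ls -ld output above). Starting it as that account instead (for example with sudo -u splunk) keeps the daemon unprivileged and avoids root-owned files under /opt/splunk.
[root@server2 bin]# /opt/splunk/bin/./splunk start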
SPLUNK SOFTWARE LICENSE AGREEMENT

............
modification, disclosure or transfer of this commercial product and data, is
restricted in accordance with 48 C.F.R. Section 12.211, 48 C.F.R. Section
12.212, 48 C.F.R. Section 227.7102-2, and 48 C.F.R. Section 227.7202, as
applicable. Consistent with 48 C.F.R. Section 12.211, 48 C.F.R. Section
--More--(52%)


Splunk Software License Agreement 10.01.2018
Do you agree with this license? [y/n]:      y
Do you agree with this license? [y/n]: y

This appears to be your first time running this version of Splunk.

Splunk software must create an administrator account during startup. Otherwise,
Create credentials for the administrator account.
Characters do not appear on the screen when you type in credentials.

Please enter an administrator username: root
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password:
Please confirm new password:
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 2048 bit long modulus
.......................................+++++
........................................................................................+++++
e is 65537 (0x10001)
writing RSA key

Generating RSA private key, 2048 bit long modulus
..............................................................................................................+++++
........+++++
e is 65537 (0x10001)
writing RSA key

Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.

Splunk> Like an F-18, bro.

Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking appserver port [127.0.0.1:8065]: open
        Checking kvstore port [8191]: open
        Checking configuration...  Done.
                Creating: /opt/splunk/var/lib/splunk
                Creating: /opt/splunk/var/run/splunk
                Creating: /opt/splunk/var/run/splunk/appserver/i18n
                Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
                Creating: /opt/splunk/var/run/splunk/upload
                Creating: /opt/splunk/var/spool/splunk
                Creating: /opt/splunk/var/spool/dirmoncache
                Creating: /opt/splunk/var/lib/splunk/authDb
                Creating: /opt/splunk/var/lib/splunk/hashDb
New certs have been generated in '/opt/splunk/etc/auth'.
        Checking critical directories...        Done
        Checking indexes...
                Validated: _audit _internal _introspection _telemetry _thefishbucket history main summary
        Done
        Checking filesystem compatibility...  Done
        Checking conf files for problems...
        Done
        Checking default conf files for edits...
        Validating installed files against hashes from '/opt/splunk/splunk-7.2.3-06d57c595b80-linux-2.6-x86_64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
Generating a 2048 bit RSA private key
...+++++
........................................................................................................+++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=server2.expanor.local/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available...... Done


If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://server2.expanor.local:8000

[root@server2 bin]#


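# Note: Splunk Web is serving plain HTTP on port 8000 here (see the startup output above), so opening the port exposes the login page over an unencrypted channel. Setting enableSplunkWebSSL = true in web.conf before opening it, and limiting the allowed source addresses, are the usual hardening steps.
[root@server2 bin]# firewall-cmd --add-port=8000/tcp --permanent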
success
[root@server2 bin]# firewall-cmd --reload
success
[root@server2 bin]# firewall-cmd --list-all
public (default, active)
  interfaces: eno16780032 eno33559296 eno50338560 eno67109888 team0
  sources:
  services: dhcpv6-client mysql smtp ssh
  ports: 3306/tcp 8085/tcp 8000/tcp 5423/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

[root@server2 bin]#
