Blue Flower

Get your VM ready with CentOS, then login to Splunk and visit this page:    to obtain the release that you want. On my example I'm using the version 6.5.3, and this is the wget URL taking from the download page:

wget -O splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm ''

Get privileges rights on your VM and issue the above command on it (ensure before that you get proper DNS resolution!). After that download finished, verify that you have the .rpm file on your area:

Do then the following:

#chmod o+x splunk.....rpm  ;ensure that file is executable by the root
#groupadd splunk
#useradd -d /opt/splunk -s -g splunk splunk
#rpm -i splunk...rpm

After you "install" splunk, visit thet location /opt/splunk/bin ,then issue:

#chown -R splunk: /opt/splunk
#firewall-cmd --set-default-zone=trusted
#firewall-cmd --zone=trusted --add-port=8000/tcp --permanent
#firewall-cmd --reload
# ./splunk start

Once you finished, ensure the services are up, then visit http://yoursplunkserver:8000

If you have your splunk.license file at hand, install it using the web interface. Notice that you'll have two very different locations:

Path to installation: /opt/splunk

Path to indexes: /opt/splunk/var/lib/splunk

And, of course, ensure splunk is enable at boot start

bin#./splunk enable boot-start

Install the NetFlow gadgets

Start by installing Splunk Stream from this link:

Edit the file /etc/sysctl.conf and add the following:

# increase kernel buffer sizes for reliable packet capture
net.core.rmem_default = 33554432
net.core.rmem_max = 33554432
net.core.netdev_max_backlog = 10000

After you have added those entries, run the following to reload the settings: /sbin/sysctl -p

Installing the net flow add-on



Print Friendly, PDF & Email