Forums: SplunkAdministration: Multiple different credentials


Hi,
I have Splunk installed on a Windows box with services running as a Domain Admin Service Account. I am able with the Windows App to get Event Logs (as an example) off multiple servers.
However, I also have the *nix app installed as we have multiple Linux and HP Servers installed. However, each one has local authentication and is not tied in via Kerberos.
How can I provide Splunk with the credentials for these servers?

Thanks,
Chris.

I assume that you're not running Splunk forwarder on your remote machines?

Linux and HP-UX don't have standard APIs for getting the type of data we collect with the unix app. The Unix app has to run local shell scripts (ps, top, vmstat, etc.) to get this data. Normally this would be forwarded to the Splunk indexer by a Splunk forwarder running on the machine.

You *could* try to write/modify shell scripts like the ones in the etc/apps/unix/bin folder to run using SSH, and you could provide credentials by generating an SSH keypair for the Splunk user account and putting the public key over on the remote machines so you don't need an interactive login. Setting up the remote access would not be too hard, but modifying the scripts to run remotely (and to use the right arguments and process the output correctly by the type of the remote server) might be a bit of work.
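A sketch of the SSH approach described in the reply above, added here as an example; it is not part of the original post or of Splunk's unix app. It pins the per-OS `ps` arguments into a forced command in the remote `authorized_keys`, so the polling key cannot open a shell. The key path, function names, and the HP-UX `ps` arguments are assumptions to check against each target.

```shell
#!/bin/sh
# Added example: poll a remote host over SSH with a dedicated, restricted key.
# Assumed/hypothetical: the key path and all function names below.

KEY="${SPLUNK_SSH_KEY:-$HOME/.ssh/splunk_poll_key}"  # dedicated key, no passphrase prompt

# ps invocation for a remote OS, keyed on its `uname -s` value.
# The HP-UX form is an assumption: verify against ps(1) on the target.
ps_cmd_for_os() {
    case "$1" in
        Linux) echo 'ps -eo pid,user,pcpu,pmem,args' ;;
        HP-UX) echo 'UNIX95=1 ps -eo pid,user,pcpu,args' ;;
        *)     return 1 ;;   # unknown OS: refuse rather than guess
    esac
}

# Build the authorized_keys line to install on the remote host.
# $1 = indexer address allowed to use the key
# $2 = the only command the key may run
# $3 = public key text
restricted_key_line() {
    case "$2" in
        *\"*) return 1 ;;    # a double quote would break out of command="..."
    esac
    printf 'from="%s",command="%s",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$1" "$2" "$3"
}

# Non-interactive poll: fails instead of prompting for a password or for an
# unknown host key. No remote command is sent; sshd runs the forced one.
# $1 = user@host
poll_host() {
    ssh -T -i "$KEY" \
        -o BatchMode=yes \
        -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=10 \
        "$1"
}
```

Generate each host's line with `restricted_key_line <indexer-ip> "$(ps_cmd_for_os HP-UX)" "$(cat "$KEY.pub")"` and append it to the monitoring account's `authorized_keys`; a scripted input on the Splunk server then only needs to call `poll_host user@host`.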

OK, thanks for this. I'll look at putting forwarders on.