3.5 Installing a Universal Forwarder

Video Activity
Time
2 hours 29 minutes
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
In this Module 3 video, we'll be installing a universal forwarder.
00:04
As a review, a universal forwarder gets installed on the machine you want to collect data from and forwards it on to be indexed and used.
00:13
There are other ways to get data into Splunk, but this is a popular and useful method.
00:18
At this point, there are a few checks you should do to make sure that when you install the universal forwarder, you're able to send the data you want onward.
00:26
You'll need to make sure there's a clear path of communication between
00:30
where you install the universal forwarder and your Splunk server, and other Splunk components when you decide
00:35
to break it out and add more pieces.
00:38
Splunk, by default, also uses several ports that will need to be open and allowed for Splunk to work.
00:44
You also want to make sure that the account you're using to set up *** has the necessary permissions to access the data you want to forward.
00:53
In this simple environment, you'll need ports 9997 and 8089, unless you elect to change these from the default options.
01:02
This diagram from *** dot com is helpful at visualizing the communication path. In this video, we're focused down here
01:10
on the communication between universal forwarder, indexers and deployment server.
01:17
While it's important to know how to go through a manual installation of the universal forwarder, another option to consider when you get to a larger environment is using a deployment tool like SCCM, Ansible or Chef.
01:29
So to get started, I've got two
01:32
machines we'll be working from. This Linux box is gonna be my main Splunk server. It hosts a search head where we can log in to run searches and checks, and also functions for indexing and managing forwarders.
01:44
And then this Windows
01:47
machine is where we'll be installing the universal forwarder. To start off, I'm logged in to splunk.com. From here, we'll go to products,
01:56
free trial and downloads
01:57
and then scroll down where we can download the universal forwarder.
02:05
I've already downloaded it to save us some time, so I'm just gonna hop into my downloads folder here
02:09
and double-click on this to run it,
02:15
accept the license agreement, hit next,
02:19
create a user name and password,
02:25
and then our,
02:28
um,
02:30
like I mentioned, we're not doing a distributed environment, so our search head is
02:36
performing multiple roles, including that of a deployment server. So I put in the IP for that and the default management IP of 8089,
02:44
hit next, and I'm also gonna put it here
02:46
as it works as an indexer.
02:53
Click next and install,
02:58
yes on that.
03:04
And it's a successful install. I'm gonna click finish.
03:09
And once you've done the install, something you'll probably want to do is restart the Splunk service.
03:23
I'm just gonna open this up, scroll down to the Splunk forwarder service,
03:31
Restart that
03:38
hop back
03:39
to my Linux machine here,
03:45
and we're gonna go to settings once we've logged into the web console
03:50
and forwarder management,
03:55
and it's not yet picking it up.
03:59
Sometimes it takes a second
04:04
Went in there and did a couple of refreshes. But now, under forwarder management, we can see this is the name of the host where we installed the universal forwarder. So it's successfully reporting back
04:17
to our deployment server slash search head.
04:23
So with that, we could say that we've successfully completed the activity for this video, and the next video will be for Module 4, where we'll be working with data.
04:34
Thanks for watching.
Introduction to Splunk

This Splunk training class is designed to quickly introduce you to Splunk and its many capabilities.