- #Recently had a Splunk Architecture Lab; one of the requirements is to install the Splunk Universal Forwarders (UF) on two Linux servers in an automated manner. There are more than three versions of this script available on Splunkbase and Splunk Answers.
- #
- #Took one of them and tweaked it to suit the lab needs.
- #
- #High Level Steps
- # To download the UF from Splunk base. (The instance supports wget, so ensure to get the latest version of the software.)
- # To install the software in a silent manner, but will prompt the user for credentials.
- # To copy the deploymentclient.conf file with the deployment server detail and perform a restart
- # Then continue the same to other servers.
- #
- #Supporting Files
- #
- #Forwarderlist.txt - List of universal forwarders with ssh
- # sample
- # user@ipaddress1
- # user@ipaddress2
- #
- #DeploymentClient.conf
- # [target-broker:deploymentServer]
- # targetUri = deploymentserverip:8089
- #
- #The user must have enough permission to copy the file to a tmp directory and then to the /opt/splunk/bin/script directory.
- #
- ######### UF_install.sh Script ##############
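#!/bin/sh
#
# UF_install.sh - install the Splunk Universal Forwarder on every host listed
# in forwarderlist.txt and point it at the deployment server.
#
# Inputs:
#   forwarderlist.txt       one SSH login (user@host) per line; blank lines
#                           and lines starting with '#' are skipped
#   deploymentclient.conf   copied to each host before the remote steps run
#   SPLUNK_ADMIN_PASSWORD   new admin password; prompted for when unset
#
# Changes from the original paste:
#   - the admin password is no longer hard-coded and is redacted in the
#     on-screen preview of the remote script
#   - deploymentclient.conf is pushed from this machine with scp; the original
#     ran scp on the remote host and used the host-list file name as the
#     destination host, so the copy could not succeed
#   - the local ssh/scp clients run as the invoking user instead of via sudo
#   - values interpolated into the remote script are shell-quoted
#   - host entries beginning with '-' are rejected so they cannot be parsed
#     as ssh options

set -eu

#### forwarderlist.txt contains the SSH logins of the forwarders
HOSTS_FILE="forwarderlist.txt"
CLIENT_CONF="deploymentclient.conf"

### Download the latest version of the installer from splunk site
INSTALL_FILE="splunkforwarder-7.0.1-2b5b15c4ee89-Linux-x86_64.tgz"
DOWNLOAD_URL="https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.0.1&product=universalforwarder&filename=${INSTALL_FILE}&wget=true"
# Set this to the SHA-256 that Splunk publishes for INSTALL_FILE so each host
# verifies the tarball before unpacking it as root. Left empty here because the
# page does not give the value; empty skips the check.
INSTALL_SHA256=""
DEPLOY_SERVER="172.31.23.245:8089"

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Wrap $1 in single quotes so the remote shell sees it as one literal word.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print the remote install script. $1 is the already-quoted admin password
# (or a redaction marker when the script is only being previewed).
build_remote_script() {
  if [ -n "$INSTALL_SHA256" ]; then
    verify_step="printf '%s  %s\\n' $(shell_quote "$INSTALL_SHA256") $(shell_quote "$INSTALL_FILE") | sha256sum -c -"
  else
    verify_step=": # INSTALL_SHA256 not configured; tarball integrity is not verified"
  fi
  cat <<EOF
set -e
cd /opt
sudo wget -O $(shell_quote "$INSTALL_FILE") $(shell_quote "$DOWNLOAD_URL")
$verify_step
sudo tar -xzf $(shell_quote "$INSTALL_FILE")
id splunk >/dev/null 2>&1 || sudo useradd -m -r splunk
sudo chown -R splunk:splunk /opt/splunkforwarder
### /opt/splunkforwarder/bin/splunk enable boot-start -user splunk
sudo -u splunk /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
sudo -u splunk /opt/splunkforwarder/bin/splunk set deploy-poll $(shell_quote "$DEPLOY_SERVER") --accept-license --answer-yes --auto-ports --no-prompt -auth admin:changeme
# The CLI takes the password as an argument, so it is briefly visible in the
# remote process list. Newer Splunk releases can seed it from user-seed.conf.
sudo -u splunk /opt/splunkforwarder/bin/splunk edit user admin -password $1 -auth admin:changeme
# Install the config pushed by scp, owned by and readable only to splunk
sudo install -o splunk -g splunk -m 600 "\$HOME/$CLIENT_CONF" /opt/splunkforwarder/etc/system/local/$CLIENT_CONF
rm -f "\$HOME/$CLIENT_CONF"
# once the file is in /etc/system/local restart to take effect
sudo -u splunk /opt/splunkforwarder/bin/splunk restart
EOF
}

[ -r "$HOSTS_FILE" ] || die "cannot read $HOSTS_FILE"
[ -r "$CLIENT_CONF" ] || die "cannot read $CLIENT_CONF"

# Take the new admin password from the environment, else prompt without echo.
PASSWORD=${SPLUNK_ADMIN_PASSWORD:-}
if [ -z "$PASSWORD" ]; then
  [ -t 0 ] || die "SPLUNK_ADMIN_PASSWORD is not set and stdin is not a terminal"
  printf 'New Splunk admin password: ' >&2
  stty -echo
  trap 'stty echo' EXIT
  trap 'exit 1' INT TERM HUP
  IFS= read -r PASSWORD || true
  stty echo
  trap - EXIT INT TERM HUP
  printf '\n' >&2
fi
[ -n "$PASSWORD" ] || die "admin password must not be empty"

REMOTE_SCRIPT=$(build_remote_script "$(shell_quote "$PASSWORD")")

### Continue the same for other UF hosts
echo "In 5 seconds, will run the following script on each remote host:"
echo
echo "===================="
# Preview is rendered with the password redacted so it never reaches the
# terminal scrollback or a captured log.
build_remote_script "'<redacted>'"
echo "===================="
echo
sleep 5
echo "Reading host logins from $HOSTS_FILE"
echo
echo "Starting."

failed=0
DST=""
# The host list is read on fd 3 so that stdin stays attached to the terminal
# for ssh -t and the remote sudo prompts.
while read -r DST _extra <&3 || [ -n "$DST" ]; do
  case $DST in
    '' | '#'*)
      continue
      ;;
    -*)
      echo "Skipping suspicious host entry: $DST" >&2
      failed=$((failed + 1))
      continue
      ;;
  esac
  echo "---------------------------"
  echo "Installing to $DST"
  # Push the config first; the remote script installs it from the login
  # user's home directory.
  if ! scp -- "$CLIENT_CONF" "$DST:$CLIENT_CONF"; then
    echo "WARNING: could not copy $CLIENT_CONF to $DST; skipping" >&2
    failed=$((failed + 1))
    continue
  fi
  # A failure on one host is reported and the loop moves on to the next.
  if ! ssh -t -- "$DST" "$REMOTE_SCRIPT"; then
    echo "WARNING: install failed on $DST" >&2
    failed=$((failed + 1))
  fi
done 3<"$HOSTS_FILE"

echo "---------------------------"
if [ "$failed" -gt 0 ]; then
  die "Done, with $failed host(s) failed or skipped"
fi
echo "Done"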
- ######## end of script ######
- #Comment below if there is any questions.
- # -i /Users/patrickhastings/PEM/mickey.pem