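REM NOTE(review): this part of the listing survives only as fragments. The
REM statements are kept in the order they appear here, which is not the order
REM a working script would run them in. Some lines are missing (the opening
REM "(" of each redirected ECHO group, the success/failure tests) and the
REM config file names are cut down to "nf". Do not run it as is.

REM NOTE(review): the generated files carry credential material (the
REM pass4SymmKey and the admin password hash). Confirm that the ACLs under
REM %INSTALL_DIR%\etc limit read access to administrators and the service
REM account, and keep this script equally restricted.

REM Creates nf and fills in the pass4SymmKey used to authenticate against the deployment server
ECHO pass4SymmKey = %DEPLOYMENTSERVER_PASS4SYMMKEY%
) > "%INSTALL_DIR%\etc\apps\%DS_APPNAME%\default\nf"
ECHO Created file %INSTALL_DIR%\etc\apps\%DS_APPNAME%\default\nf successfully
ECHO FAILED to create %INSTALL_DIR%\etc\apps\%DS_APPNAME%\default\nf

REM Creates nf and fills in the IP/hostname and port of the deployment server
Mkdir "%INSTALL_DIR%\etc\apps\%DS_APPNAME%\default"
ECHO Created directory %INSTALL_DIR%\etc\apps\%DS_APPNAME%\default successfully
ECHO FAILED to create directory %INSTALL_DIR%\etc\apps\%DS_APPNAME%\default
REM Name is defined at top of script - the same name has to be used on the Deployment Server to replace/manage this app and its settings

) > "%INSTALL_DIR%\etc\system\local\nf"
ECHO Created file %INSTALL_DIR%\etc\system\local\nf successfully
ECHO FAILED to create %INSTALL_DIR%\etc\system\local\nf
REM Splunk deletes this file after the first start
REM Password hash is defined at top of script
REM Creates nf which Splunk uses on first startup to set the password for the admin user
REM NOTE(review): presumably this is Splunk's user-seed.conf (the name is
REM truncated here) - TODO confirm. If the first start never happens the
REM file, and the hash in it, stays on disk.

REM NOTE(review): the script is meant to run with admin privileges and
REM installs whatever file MSIFILE names; check that file's digital signature
REM or a known-good hash before this step. /L*v writes a verbose installer
REM log to logfile.txt in the current directory.
Msiexec.exe /i %MSIFILE% AGREETOLICENSE="Yes" INSTALLDIR="%INSTALL_DIR%" LAUNCHSPLUNK=0 SERVICESTARTTYPE=auto INSTALL_SHORTCUT=0 /quiet /L*v logfile.txt
ECHO Splunk Universal Forwarder installation successful.
ECHO Splunk Universal Forwarder installation FAILED.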
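REM NOTE(review): this part of the listing survives only as fragments. The
REM statements are kept in the order they appear here, which is not the order
REM a working script would run them in. Several lines are missing (the
REM admin-rights test, the MSI existence test, the service stop command, the
REM closing ")" of the IF block). Do not run it as is.

REM NOTE(review): WMIC is deprecated on current Windows releases, and querying
REM "product" (Win32_Product) makes Windows Installer run a consistency check
REM on every installed MSI package, which can trigger repairs. Uninstalling by
REM product code with msiexec /x avoids both.
Wmic product where name="UniversalForwarder" call uninstall
ECHO Installing Splunk Universal Forwarder

REM Trying to stop and uninstall existing Universal Forwarder
ECHO Trying to stop an existing Universal Forwarder service
ECHO Stopped Splunk Universal Forwarder service.
ECHO Failed to stop Splunk Universal Forwarder service.
ECHO Trying to uninstall an existing Universal Forwarder service
REM The comparison needs "==" and no padding inside the quotes; with a single
REM "=" cmd.exe rejects the IF statement.
IF "%UNINSTALL_EXISTING_UF%"=="true" (

REM If it isn't, it will print an error message and quit
ECHO #
ECHO # ERROR: ADMINISTRATOR PRIVILEGES REQUIRED #
ECHO This script must be run as administrator to work properly!
ECHO Splunk Universal Forwarder MSI file exists, starting installation.
ECHO Splunk Universal Forwarder MSI file does not exist!
ECHO Exiting now, make sure %MSIFILE% exists or change variable MSIFILE in script.
REM This detects if the script is being run with admin privileges

REM Deploy custom cret file to allow shared encrypted passwords etc.
REM Only deploy custom cret file if set to true (case sensitive!)
REM NOTE(review): "cret" is presumably the Splunk secret file (the name is
REM truncated here) - TODO confirm. With one secret shared by all forwarders,
REM a host that discloses it exposes the encrypted values on every host.

REM No space before "=": "SET NAME =value" defines a variable called "NAME "
REM and leaves %NAME% undefined.
SET SERVER_CERT_KEY_CHAIN_LOCAL_FILE=splunk_cert_key_chain.pem
REM Must contain forwarder certificate, forwarder private key, and possible intermediate certificates, all in PEM format
REM Has to be in the same folder as this script.
REM Filename for forwarder certificate file to be copied.
REM NOTE(review): this PEM file holds the forwarder's private key. Keep the
REM folder it is staged in readable by administrators only, and confirm the
REM copy under etc\auth is not readable by ordinary users.

SET ROOT_CA_CERT_LOCAL_FILE=splunk_root.pem
REM Must contain one or more PEM certificates
REM Filename for Root CA file to be copied.

REM Folder to create in $SPLUNK_HOME\etc\auth to deploy certificates and key in

SET DEPLOYMENTSERVER_PASS4SYMMKEY=#ENCRYPTED PASS4SYMMKEY FOR DEPLOYMENT SERVER AUTHORIZATION#
REM pass4symmkey used by DS and DC to verify each other.

SET DEPLOYMENTSERVER_CERT_COMMON_NAME=#CN OF DEPLOYMENT SERVER CERTIFICATE#
REM Common name in the certificate used by the deployment server

SET TLS_APPNAME=org_zone_dc-windows_tls-base
REM App with exact same name can be distributed via the DS to overwrite this config later
REM Name for app containing TLS/pass4symmkey config.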
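REM NOTE(review): this part of the listing survives only as fragments. The
REM lines are kept in the order they appear here, which is not the order of a
REM working script (the header comments come last). Some SET lines are
REM missing, for example those for MSIFILE and UNINSTALL_EXISTING_UF, which
REM other parts of the script read. Do not run it as is.

REM All TLS config (certificates, pass4symmkey, copying Root CA and cert file.) will only be applied if this is set to true (case sensitive!)

REM No space before "=": "SET NAME =value" defines a variable called "NAME "
REM and leaves %NAME% undefined.
SET DEPLOYMENTSERVER=#DEPLOYMENT SERVER FQDN#:8089
REM FQDN/hostname/IP and port for deploymentserver, e.g.

SET DS_APPNAME=org_zone_dc_deploymentclient
REM Name for app containing deployment client config.

REM NOTE(review): a password hash can still be attacked offline, and the same
REM hash ends up on every host this script is run on. Use a long random admin
REM password and restrict who can read this script.
SET HASHED_PASSWORD=#HASHED ADMIN PASSWORD#
REM Can be copied from etc/passwd on an existing Splunk instance.

REM Try to uninstall existing Universal Forwarder if set to true (case sensitive!)

SET INSTALL_DIR=C:\Program Files\SplunkUniversalForwarder
REM Install dir, defaults to C:\Program Files\SplunkUniversalForwarder

REM msi file and the Root CA and forwarder certificate have to be properly formatted in the same directory as the script
REM This script requires Splunk >= 7.1 - older versions might work with a non-hashed password in nf
REM This script has to be run with admin privileges
REM All configs are saved to separate apps so they can be managed using the deployment server
REM For validation of clients sending to indexers, you can copy a certificate private key to the forwarder
REM You can also configure a deployment server, a Root CA to validate it, and a pass4SymmKey for communication with it
REM It allows setting a custom admin PW that is not distributed in cleartext, but only as a hash
REM This script installs the Splunk Universal Forwarder on Windows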