Tar: Error opening archive: Failed to open 'splunkforwarder-8.2.0-e053ef3c985f-darwin-64.tgz'
OpenDirectory location is directory node name
Chmod: splunkforwarder-8.2.0-e053ef3c985f-darwin-64.tgz: No such file or directory
Usage: passwd -l location]]
File location is path to file (default is /etc/master.passwd)
private/tmp/Splunk/splunkUF_bash_install_script-mac.sh: line 25: useradd: command not found
Cat: ospwdfile: No such file or directory
private/tmp/Splunk/splunkUF_bash_install_script-mac.sh: line 22: /opt/splunkforwarder/bin/splunk: No such file or directory

Script result: # Welcome to the Splunk 8.2 Universal Forwarder auto-installer for Mac.
Running script Install and Remove Splunk files.

I use the Jamf to run the shell script and to clean up the mess in /tmp after.

Errors in script seem to be opening the.

Is anyone able to install Splunk Universal Forwarder 8.2 on 10.15 Macs? Here is my package, which puts all the files in /tmp directory.

# probably script is being run as correct user which may be root or splunk or other.
# Ownership probably does not need to be changed because
# NOTE: script assumes there is exactly ONE splunkforwarder*.tgz package already present in /tmp/splunkforwarder*.tgz
cd /opt/
export SPLUNK_HOME=/opt/splunkforwarder

Here's a screenshot of the installer built with Packages, but Composer would also be fine.

Finally, here is the postinstall script that's working as of today.

The 3 files (splunkforwarder*.tgz, nf, nf) are delivered to /var/tmp by the install package.

HASHED_PASSWORD = $9$this_is_a_long_string_provided_by_the_command_above_the_rest_is_random.C.EoL5jgk74jFmPljaidjshadjduejskcKDHiSHiskslclOS.oIHDhkxezKBDLMiahdEdu88dcD.

nf is generated with an already installed splunk binary:

sudo /opt/splunkforwarder/bin/splunk hash-passwd password_here

And the file looks like this:

tgz download from Splunk.

Dnf looks like this:

There are two components needed in addition to the.

Ended up finding an install script for Linux in the Splunk forums and adapted it to work for our needs.

pkg installer provided by Splunk - due to TCC and the inability to whitelist binaries because they aren't signed, etc.

Just had to go through this on Mojave - haven't yet tried it on Catalina but I've seen in the Splunk forums that people are having issues with unsigned binaries there.

Anyway, I was having tons of issues getting a silent install using the.

Hope this gets you started in the right direction.

This was from 3 or 4 years ago so not sure if it's still working with HS and newer versions of Splunk.

launchctl load -w /System/Library/LaunchDaemons/
launchctl unload /System/Library/LaunchDaemons/
# Starting and stopping ist for syslog forwarding
# Appending the following line to nf for syslog forwarding
sudo launchctl load /System/Library/LaunchDaemons/

And much later in my config script I used this:

#Adding sshd module to syslog need for full CIS syslog forwarding
#sudo launchctl unload /System/Library/LaunchDaemons/

We could see in real time when a USB drive was plugged in.

That said, that was before Apple changed to the new universal logging so I have to read up on that, but here is the old code that worked for me to send to a Splunk test server.

Did try this a few years ago but kinda gave up on the "Splunk Universal Forwarder" after realizing that you can have the logs forwarded straight from the OS by adding a "special" app.