Hello Splunkies,
I need to know what are the security measures that is should take if i want to introduce universal forwarder on a production environment to forward data to splunk instance on another machine.
Thanks,
Roy
You may want to encrypt the log traffic with proper SSL-keys, and not the ones that come by default.
Change the splunk password from 'changeme' into something else.
You might consider Forwarder Acknoledgement, to ensure that data gets written to index.
http://docs.splunk.com/Documentation/Splunk/latest/Security/WhatyoucansecurewithSplunk
/K
Also, if possible, change the user that Splunk runs as:
http://docs.splunk.com/Documentation/Splunk/5.0.2/installation/RunSplunkasadifferentornon-rootuser
Its worth adding that if you install Splunk via the rpm on linux it will handle this for you
You may want to encrypt the log traffic with proper SSL-keys, and not the ones that come by default.
Change the splunk password from 'changeme' into something else.
You might consider Forwarder Acknoledgement, to ensure that data gets written to index.
http://docs.splunk.com/Documentation/Splunk/latest/Security/WhatyoucansecurewithSplunk
/K