LinuxにSplunkをインストールする

提供: セキュリティ
移動: 案内検索
スポンサーリンク

ここでは、LinuxSplunk をインストールする方法を説明します。

概要

ダウンロード

インストール

$ sudo rpm -i splunk-5.0.4-172409-linux-2.6-x86_64.rpm
warning: /home/kaworu/splunk-5.0.4-172409-linux-2.6-x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID xxxxxxxx: NOKEY
-------------------------------------------------------------------------
Splunk has been installed in:
        /opt/splunk
 
To start Splunk, run the command:
        /opt/splunk/bin/splunk start
 
 
To use the Splunk Web interface, point your browser to:
    http://foo.local:8000
 
 
Complete documentation is at http://docs.splunk.com/Documentation/Splunk
-------------------------------------------------------------------------
$ sudo ls /opt/splunk/
bin            include           README-splunk.txt
copyright.txt  lib               share
etc            license-eula.txt  splunk-5.0.4-172409-Linux-x86_64-manifest
ftr            openssl

使い方

はじめて起動すると、ライセンスを確認されます。

$ sudo /opt/splunk/bin/splunk start
SPLUNK SOFTWARE LICENSE AGREEMENT
 
THIS SPLUNK SOFTWARE LICENSE AGREEMENT ("AGREEMENT") GOVERNS THE
INSTALLATION AND USE OF THE SPLUNK SOFTWARE DESCRIBED HEREIN. THE
INSTALLATION AND USE OF THE SPLUNK SOFTWARE WILL BE SUBJECT TO THE
ORDER DOCUMENT(S).
 
YOU WILL BE REQUIRED TO INDICATE YOUR AGREEMENT TO THESE TERMS AND
CONDITIONS IN ORDER TO DOWNLOAD THE SOFTWARE, REGISTER THE SOFTWARE
WITH SPLUNK AND OBTAIN LICENSE KEYS NECESSARY TO COMPLETE THE
INSTALLATION PROCESS FOR THE SOFTWARE. BY CLICKING ON THE "YES" BUTTON
OR OTHER BUTTON OR MECHANISM DESIGNED TO ACKNOWLEDGE AGREEMENT TO THE
TERMS OF AN ELECTRONIC COPY OF THIS AGREEMENT, OR DOWNLOADING OR
INSTALLING THE SOFTWARE, OR USING ANY MEDIA THAT CONTAINS THE
SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY THIS AGREEMENT, INCLUDING
ALL TERMS INCORPORATED BY REFERENCE. THIS AGREEMENT IS ENFORCEABLE
AGAINST ANY PERSON OR ENTITY THAT USES THE SOFTWARE AND ANY PERSON OR
ENTITY THAT USES THE SOFTWARE ON ANOTHER PERSON'S OR ENTITY'S BEHALF.
YOU AGREE THAT THIS AGREEMENT IS EQUIVALENT TO ANY WRITTEN NEGOTIATED
AGREEMENT SIGNED BY YOU.
 
IF YOU AGREE TO THESE TERMS ON BEHALF OF A BUSINESS OR A GOVERNMENT
AGENCY, DEPARTMENT OR INSTRUMENTALITY, YOU REPRESENT AND WARRANT THAT
Do you agree with this license? [y/n]:
This appears to be your first time running this version of Splunk.
Copying '/opt/splunk/etc/openldap/ldap.conf.default' to '/opt/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 1024 bit long modulus
..................++++++
..................++++++
e is 65537 (0x10001)
writing RSA key
 
Generating RSA private key, 1024 bit long modulus
...........++++++
.........................++++++
e is 65537 (0x10001)
writing RSA key
 
Moving '/opt/splunk/share/splunk/search_mrsparkle/modules.new' to '/opt/splunk/share/splunk/search_mrsparkle/modules'.
 
Splunk> Winning the War on Error
 
Checking prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking configuration...  Done.
        Checking indexes...
                Creating: /opt/splunk/var/lib/splunk
                Creating: /opt/splunk/var/run/splunk
                Creating: /opt/splunk/var/run/splunk/appserver/i18n
                Creating: /opt/splunk/var/run/splunk/appserver/modules/static/css
                Creating: /opt/splunk/var/run/splunk/upload
                Creating: /opt/splunk/var/spool/splunk
                Creating: /opt/splunk/var/spool/dirmoncache
                Creating: /opt/splunk/var/lib/splunk/authDb
                Creating: /opt/splunk/var/lib/splunk/hashDb
                Validated databases: _audit _blocksignature _internal _thefishbucket history main summary
        Done
New certs have been generated in '/opt/splunk/etc/auth'.
        Checking filesystem compatibility...  Done
        Checking conf files for typos...        Done
All preliminary checks passed.
 
Starting splunk server daemon (splunkd)...  Done
                                                           [  OK  ]
Starting splunkweb...  Generating certs for splunkweb server
Generating a 1024 bit RSA private key
...................................++++++
.................................++++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=foo.local/O=SplunkUser
Getting CA Private Key
writing RSA key
                                                           [  OK  ]
Done
 
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
 
The Splunk web interface is at http://foo.local:8000

起動したらブラウザで http://あなたのサーバ:8000 にアクセスしてみましょう。


デフォルトのアカウント

  • user: admin
  • password: changeme

関連項目




スポンサーリンク