Splunk Installation


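Splunk is a powerful log analysis and collection program.
<h3>Download Splunk</h3>
Official site: http://www.splunk.com/en_us/download/splunk-light.html    You need to register an account on the official site before you can download.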

Software version: splunklight-6.3.2

System environment: CentOS 6.5  x86_64

IP: 192.168.199.151

1. First, disable the firewall

#service iptables stop 
#vi /etc/sysconfig/selinux 
SELINUX=disabled 
or
#setenforce 0

2. Download

#wget -O splunklight-6.3.2-aaff59bb082c-Linux-x86_64.tgz 'http://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.3.2&product=splunk_light&filename=splunklight-6.3.2-aaff59bb082c-Linux-x86_64.tgz&wget=true'
#tar -zxf splunklight-6.3.2-aaff59bb082c-Linux-x86_64.tgz
#mv splunk /usr/local/

<h3>Installation and Configuration</h3>

# cd /usr/local/splunk/bin
# ./splunk enable boot-start                 (read through the license agreement and enter y at the end; the output is shown below)

Do you agree with this license? [y/n]: y         

This appears to be your first time running this version of Splunk.
Copying '/usr/local/splunk/etc/openldap/ldap.conf.default' to '/usr/local/splunk/etc/openldap/ldap.conf'.
Generating RSA private key, 1024 bit long modulus
...++++++
...++++++
e is 65537 (0x10001)
writing RSA key

Generating RSA private key, 1024 bit long modulus
...................................................................++++++
............................................................................++++++
e is 65537 (0x10001)
writing RSA key

Moving '/usr/local/splunk/share/splunk/search_mrsparkle/modules.new' to '/usr/local/splunk/share/splunk/search_mrsparkle/modules'.
Init script installed at /etc/init.d/splunk.
Init script is configured to run at boot.
# Copy the configuration file
# cp /usr/local/splunk/etc/openldap/ldap.conf.default /usr/local/splunk/etc/openldap/ldap.conf
cp: overwrite `/usr/local/splunk/etc/openldap/ldap.conf'? y
# Start the service
# /etc/init.d/splunk start 
Starting Splunk...

Splunk> Be an IT superhero. Go home early.

Checking prerequisites...
    Checking http port [8000]: open
    Checking mgmt port [8089]: open
    Checking appserver port [127.0.0.1:8065]: open
    Checking configuration...  Done.
        Creating: /usr/local/splunk/var/lib/splunk
        Creating: /usr/local/splunk/var/run/splunk
        Creating: /usr/local/splunk/var/run/splunk/appserver/i18n
        Creating: /usr/local/splunk/var/run/splunk/appserver/modules/static/css
        Creating: /usr/local/splunk/var/run/splunk/upload
        Creating: /usr/local/splunk/var/spool/splunk
        Creating: /usr/local/splunk/var/spool/dirmoncache
        Creating: /usr/local/splunk/var/lib/splunk/authDb
        Creating: /usr/local/splunk/var/lib/splunk/hashDb
    Checking critical directories...    Done
    Checking indexes...
        Validated: _audit _internal _introspection _thefishbucket history main summary
    Done
New certs have been generated in '/usr/local/splunk/etc/auth'.
    Checking filesystem compatibility...  Done
    Checking conf files for problems...
    Done
    Checking default conf files for edits...
    Validating installed files against hashes from '/usr/local/splunk/splunklight-6.3.2-aaff59bb082c-linux-2.6-x86_64-manifest'
    All installed files intact.
    Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Generating a 1024 bit RSA private key
.++++++
..............++++++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=luoji/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available.. Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://luoji:8000     

Open http://192.168.199.151:8000 in the browser address bar and enter the username and password shown in the prompt to log in. The installation is now complete!
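
As an alternative to stopping iptables in step 1, the following added example (not part of the original post) prints rules that admit only a management subnet to the Splunk ports listed in the startup output. The subnet 192.168.199.0/24, the `MGMT_CIDR` and `APPLY` variables, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands that
# admit only a management subnet to the Splunk ports, as an alternative to
# `service iptables stop`. Nothing is changed unless APPLY=1 is set.
# ASSUMPTIONS: admins sit in 192.168.199.0/24 (the subnet of the post's host)
# and the stock CentOS 6 INPUT chain, which ends in a REJECT rule, is in place.

# Return 0 if $1 is a well-formed IPv4 CIDR such as 192.168.199.0/24.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    for octet in $(echo "${1%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Return 0 if $1 is a TCP port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# splunk_fw_rules CIDR [PORT...] -> one command per line on stdout.
# 8000 is Splunk Web and 8089 the splunkd management port; 8065 is bound to
# 127.0.0.1 in the startup output and needs no rule. Arguments are validated
# first because the output may be piped to sh.
splunk_fw_rules() {
    valid_cidr "${1:-}" || { echo "invalid CIDR: ${1:-}" >&2; return 2; }
    cidr=$1; shift
    [ $# -gt 0 ] || set -- 8000
    for port in "$@"; do
        valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
    done
    for port in "$@"; do
        # -I inserts the ACCEPT ahead of the chain's final REJECT rule.
        echo "iptables -I INPUT -p tcp -s $cidr --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "service iptables save"
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
rules=$(splunk_fw_rules "${MGMT_CIDR:-192.168.199.0/24}" 8000) || exit 2
if [ "${APPLY:-0}" = 1 ]; then
    echo "$rules" | sh -e
else
    echo "$rules"
fi
```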
