
docker-splunk-hec's Introduction

Install software

git clone https://github.com/sonnyyu/docker-splunk-hec
cd docker-splunk-hec

Get Server Certificate "server.pem"

Use mtls-cert-manage to generate the server, client, and CA certificates

https://github.com/sonnyyu/mtls-cert-manage

Copy Certificate from mtls-cert-manage

cd ~/mtls-cert-manage/pki/splunkcerts
cp ca.crt server.pem ~/docker-splunk-hec/splunk/certs
sudo cp 192.168.1.204.pem 192.168.1.204.key ~/docker-splunk-hec/splunk/webcerts

Build Splunk docker image

docker-compose build

Getting Splunk started

docker-compose up -d

Quit

docker-compose down 

Quit and remove Volume

docker-compose down -v

Test web interface

curl -k https://192.168.1.204:8000 

Test web interface with ca

cd ~/docker-splunk-hec/splunk/certs
curl --cacert ca.crt https://192.168.1.204:8000 

Import CA certificate at PC

Install certificate

sudo apt-get install -y ca-certificates
cd ~/docker-splunk-hec/splunk/certs
sudo cp ca.crt /usr/local/share/ca-certificates
sudo update-ca-certificates

Test web interface

curl https://192.168.1.204:8000 

Open Splunk from Browser

https://192.168.1.204:8000

Testing splunk-hec with -k, which skips certificate verification and allows curl to proceed and operate even for server connections otherwise considered insecure

curl -k "https://192.168.1.204:8088/services/collector" \
    -H "Authorization: Splunk 3f066d2a-c871-4800-87fc-e6be5fa69f1b" \
    -d '{"event": "Hello, world!", "sourcetype": "manual"}'

Testing splunk-hec by passing the CA certificate for your server to curl with --cacert (CURL)

cd ~/docker-splunk-hec/splunk/certs
curl --cacert ca.crt "https://192.168.1.204:8088/services/collector" \
    -H "Authorization: Splunk 3f066d2a-c871-4800-87fc-e6be5fa69f1b" \
    -d '{"event": "Hello, world!", "sourcetype": "manual"}'

Testing splunk-hec after installing ca.crt into the CA certificate store (OS)

curl  "https://192.168.1.204:8088/services/collector" \
    -H "Authorization: Splunk 3f066d2a-c871-4800-87fc-e6be5fa69f1b" \
    -d '{"event": "Hello, world!", "sourcetype": "manual"}'

Generate Universally Unique Identifiers (UUIDs) with uuidgen

sudo apt update
sudo apt install uuid-runtime
uuidgen
Output
4c061a62-deae-49da-bdbe-6a4aad67d5f9

Update Universally Unique Identifiers (UUIDs) in inputs.conf

nano ~/docker-splunk-hec/splunk/inputs.conf
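
The token used in the curl commands above is printed on this page, so a deployment should replace it before use. The following is an added example, not part of the original project: it checks whether inputs.conf still carries a given token and rewrites it, assuming the standard Splunk HEC layout of a "token = <uuid>" line inside an [http://<name>] stanza; the function names are hypothetical.

```sh
# Added example (not from the project): rotate the HEC token in inputs.conf.
# Assumption: the token is a "token = <uuid>" line inside an [http://<name>] stanza.

UUID_RE='^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'

# is_uuid VALUE: succeed only if VALUE has the 8-4-4-4-12 hex UUID shape.
is_uuid() {
    # Reject anything outside hex digits and hyphens first (this also blocks newlines).
    case $1 in *[!0-9a-fA-F-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "$UUID_RE"
}

# uses_token FILE TOKEN: succeed if FILE still carries TOKEN on a token line,
# e.g. a token printed in a README that anyone can read.
uses_token() {
    is_uuid "$2" || return 2
    grep -Eiq "^[[:space:]]*token[[:space:]]*=[[:space:]]*$2[[:space:]]*\$" "$1"
}

# rotate_token FILE NEW_TOKEN: rewrite token lines inside [http://...] stanzas
# only; other stanzas are left untouched. The file is swapped in with mv.
rotate_token() {
    rt_conf=$1
    rt_new=$2
    is_uuid "$rt_new" || { echo "not a UUID: $rt_new" >&2; return 2; }
    [ -f "$rt_conf" ] || { echo "missing file: $rt_conf" >&2; return 1; }
    rt_tmp=$(mktemp "$rt_conf.XXXXXX") || return 1
    if awk -v tok="$rt_new" '
        /^[ \t]*\[/ { in_hec = ($0 ~ /^[ \t]*\[http:\/\//) }
        in_hec && /^[ \t]*token[ \t]*=/ { print "token = " tok; n++; next }
        { print }
        END { exit (n > 0 ? 0 : 3) }
    ' "$rt_conf" > "$rt_tmp"; then
        # Keep the original mode where GNU chmod is available (mktemp gives 0600).
        chmod --reference="$rt_conf" "$rt_tmp" 2>/dev/null || true
        mv "$rt_tmp" "$rt_conf"
    else
        rm -f "$rt_tmp"
        echo "no HEC token line found in $rt_conf" >&2
        return 3
    fi
}
```

Call it as rotate_token ~/docker-splunk-hec/splunk/inputs.conf "$(uuidgen)" and use the new value in the Authorization header.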

Contributors

sonnyyu, superadmin88
