Exploit This

Security News, Exploits, and Vulnerabilities.

How to Set-Up Splunk on a free Micro AWS instance

How to install Splunk on a free AWS micro instance

This guide assumes you already have the Micro EC2 instance up and running and that you have SSH access.

Download Splunk.

wget -O splunk-6.2.3-264376-linux-2.6-x86_64.rpm 'http://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=Linux&version=6.2.3&product=splunk&filename=splunk-6.2.3-264376-linux-2.6-x86_64.rpm&wget=true'

Install Splunk

rpm -ivh splunk-6.2.3-264376-linux-2.6-x86_64.rpm

Splunk is now installed; let's start it.

cd /opt/splunk/bin/
./splunk start

You will be prompted to agree to the license. Other than that, the defaults should be fine.

Configure access to port 8000 on the software firewall

Depending on what distro of Linux you are using, this part may vary. I prefer SuSE Linux, so I used YaST to open up the port.

Start YaST

yast

Select Security and Users

Select Firewall

Select Allowed Services

Select Advanced

Here you type in 8000 under TCP Ports

Close the advanced configuration by selecting OK.

Click Next and then Finish.

The software firewall will now allow TCP access on port 8000.

Configure access on the AWS side

Log into your AWS console

  • Navigate to the EC2 instances page
  • Navigate to the Security Groups
  • Highlight the security group
  • Navigate to the Inbound Tab
  • Click Edit
  • Click Add Rule
  • Select Custom TCP Rule
  • For Port put 8000
  • For the Source, put ANY if you want to allow access from anywhere, or put My IP or Custom IP if you want to limit access
  • Now click Save

For more information on AWS security groups please check out this website.

Configure access through CloudFlare.

  • Log into your CloudFlare Panel here
  • Click on the domain that you have Splunk hosted on
  • Navigate to the DNS tab
  • Enter the information as shown below using the IP address of your server
  • Click Add Record

You can now visit splunk.yourwebsite.com:8000 and log into Splunk’s admin panel.

If you run into any problems or have any questions, please drop me a comment here or reach out to me on Twitter.
