November 21, 2008

Installing Splunk Part 2 of 5 – Finishing the OS Install

This is the second part of the operating system installation
for a Splunk deployment. The first part
got us through the longest portion of the installation. We
have our partitions in place and are ready to move on to the next steps and finish
the installation.

  1. Click the “Software” portion
    of the installation summary to adjust the packages that are installed on the server.
  2. On the left-hand side there will
    be a summary of all the packages that are installed by default. De-select
    all packages except the very top selection.
  3. Highlight File Server on the
    left of the screen. The window on the right of the screen
    will be populated with different file server utilities.
  4. Go down and select the Samba client
    utilities only, not the entire Samba module.
  1. Click “Accept” in the bottom
    right of the screen. An automatic dependencies window
    will pop-up. Click OK. This
    will take you back to the installation summary page.
  2. Select install and allow the
    server to format the partitions and install the Operating System. If
    a DVD is used to install the Operating System the server should run the install for
    approximately 20 to 30 minutes and then reboot.
  1. Once the installation is complete,
    you will have to configure the system settings. (Note: all
    configurations from this point forward will be performed in a non-GUI environment,
    so you will need to use the keyboard to navigate through the server.) Enter
    a password for “root”. Ensure that the password meets
    or exceeds current password policies and is documented.
  1. Enter a hostname that conforms
    to your company’s
    system naming scheme. De-select the option to have the hostname updated via DHCP. Select
    Next.
  1. The next screen will allow you
    to make changes to the network and firewall configuration. Tab
    to Change in the bottom right of the screen and hit enter; this will bring up the
    drop-down menu for allowed changes.
  1. Select Firewall and hit enter
    to create the firewall allowed services and ports. Use
    the down arrow key on the firewall screen to select allowed services.
  1. Tab to the DHCP Client section
    and press the down arrow key. This will bring up a list
    of pre-defined services. Still using the down arrow key,
    scroll down to SSH.
  1. Once SSH is highlighted, press
    enter and SSH will now be in the selection area where DHCP Client was. Tab
    to Add and press enter. This will show SSH in the allowed
    services box in the center of the screen.
  1. Use steps 66 and 67 to add HTTPS
    to the allowed services. Then tab to Advanced and press
    enter. In the Advanced dialog box, enter TCP ports 8089 and
    9997, separated with a space. Then enter
    514 in UDP. Tab to OK and press enter.
  1. Tab to Next and press enter. This
    will bring you back out to the Network Configuration main screen. Tab to Change and
    press enter. Use the arrow key to select Network Interfaces.
  1. You will be presented with a
    list of the network interfaces found on the server. On
    most servers there will typically be two or more interfaces. Select
    the interface that you have decided to use.
  1. Tab to Edit and press enter. Tab
    to Static IP and press the space bar to select static. Tab
    to IP Address and enter the IP that is assigned to this server. Change
    the subnet mask if appropriate and tab to Hostname and Name Server. Press
    enter.
  1. Press enter and you will be brought
    into the DNS and hostname screen. Check the hostname and
    domain that were entered earlier, then tab to the name server sections and add the
    DNS servers that are assigned within
    your organization.
  1. Tab to OK and press enter. This
    will bring you back to the Network Address Setup screen. Tab
    to Routing and press enter. Tab to the Default Gateway
    entry box and enter the default gateway for the network.
  1. Tab to OK and press enter. This
    will bring you back to the Network Setup screen. Tab to
    OK and press enter. On the next screen tab to Next and
    press enter.
  2. At this point you will be brought
    back to the Network Configuration screen, tab to Next and press enter.
  1. This will bring up the Saving
    Network Configuration screen with a status bar at the bottom. Once
    it reaches 100% it will take you to the next screen automatically.
  1. The next screen is there
    to test the internet connection. Once you click Next it should try to contact Novell
    to download the latest release notes. As long as it does
    not fail, tab to Next and press enter.
  1. If the test fails, tab
    to Next and press enter. Further troubleshooting will
    be contained later.
  2. The next screen will be the selection
    of user authentication. For the purposes of the Splunk
    deployment, local authentication has been selected.
  1. Tab to Next and press enter. This
    will bring you to the Local Users screen. Enter the information
    for at least one user. You must have at least one user
    created, as later in this document we will be disabling remote access for root.
  1. Tab to Next and press enter. This
    will bring you to a System Configuration screen. The progress
    bar at the bottom of the screen will run through.
  1. Once the progress bar reaches
    100% you will automatically be brought to the next screen.
  2. The next two screens are extraneous
    for this installation. Next will be highlighted, so you
    will just need to press enter to advance to the next screen until you reach the
    final installation screen.
  1. Tab to Finish and press enter. This
    will start to bring the server up for the first time. The
    initial screen will appear similar to this.
  1. Once the server is done starting
    it will provide you with a login prompt. Log in as root
    by typing root at the prompt and pressing enter. You will
    then be prompted for the root user password. Enter the
    password. That’s it: the basic operating system is installed and ready to go
    for your Splunk server. Although this could be used as a basic installation
    guide, the partition layout is geared specifically for Splunk and would need to be
    adjusted for file server or web server duties. The final step is to try to ssh
    to the server IP and log in as root from another system on your network. One
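
The firewall allowlist built in the steps above (SSH, HTTPS, TCP 8089 and 9997, UDP 514) can be audited from the shell once the server is up. The script below is an added example, not part of the original post; it assumes the settings are stored in a SuSEfirewall2-style sysconfig file using the `FW_SERVICES_EXT_TCP` and `FW_SERVICES_EXT_UDP` variables, and the sample file it checks is constructed.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2-style sysconfig file against the
# allowlist from this guide. Function names and the sample are hypothetical.

# External services this guide opens (ssh=22, https=443).
EXPECTED_TCP="22 443 8089 9997"
EXPECTED_UDP="514"

# Print the entries of variable $1 in config file $2, one per line,
# with the service names ssh and https mapped to port numbers.
fw_ports() {
    sed -n "s/^$1=\"\(.*\)\"[[:space:]]*\$/\1/p" "$2" | tail -n 1 |
        tr ' ' '\n' | sed -e '/^$/d' -e 's/^ssh$/22/' -e 's/^https$/443/' |
        sort -u
}

# Report drift for one protocol: $1=label $2=variable $3=expected $4=file.
# Prints "MISSING proto/port" or "EXTRA proto/port"; returns 1 on drift.
audit_proto() {
    want=$(printf '%s\n' $3 | sort -u)
    have=$(fw_ports "$2" "$4")
    rc=0
    for p in $want; do
        printf '%s\n' "$have" | grep -qx "$p" || { echo "MISSING $1/$p"; rc=1; }
    done
    for p in $have; do
        printf '%s\n' "$want" | grep -qx "$p" || { echo "EXTRA $1/$p"; rc=1; }
    done
    return $rc
}

# Audit both protocols in file $1; returns 0 only on an exact match.
audit_firewall() {
    r=0
    audit_proto tcp FW_SERVICES_EXT_TCP "$EXPECTED_TCP" "$1" || r=1
    audit_proto udp FW_SERVICES_EXT_UDP "$EXPECTED_UDP" "$1" || r=1
    return $r
}

# Constructed sample: 9997 was forgotten and 8000 was left open.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
FW_SERVICES_EXT_TCP="ssh https 8089 8000"
FW_SERVICES_EXT_UDP="514"
EOF
audit_firewall "$SAMPLE" || echo "firewall drift detected"
```

On a real server, pass the path of the firewall's sysconfig file to `audit_firewall` instead of the sample.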

In the next installment of this blog I will go through the initial Splunk installation
and configuration. I will also discuss the architecture involved with log forwarding
to Splunk and the considerations for client deployment.