-
Notifications
You must be signed in to change notification settings - Fork 1
/
Install SplunkForwarder.sh
45 lines (37 loc) · 1.23 KB
/
Install SplunkForwarder.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/bin/bash
#Install or Upgrade Splunk Forwarder
##------------VARIABLES-----------
##FILE/FOLDER LOCATIONS
DOWNLOAD="/tmp"
LIMITS="$DOWNLOAD/limits.conf"
USERSEED="$DOWNLOAD/user-seed.conf"
TARGET="/Applications"
APPROOT="$TARGET/splunkforwarder"
SPLUNK="$APPROOT/bin/splunk"
LOG_NAME="COMPANY:SplunkForwarder"
##CONFIG DETAILS
SERV_IP="SERVERADDRESS:PORT"
AUTH="USER:PASS"
##---------------------------------
logger -t $LOG_NAME "Starting Splunk Install"
if [ -x "$SPLUNK" ]; then
logger -t $LOG_NAME "Stopping Splunk"
$SPLUNK stop > /dev/null 2>&1
rm -r "$APPROOT"
fi
## Unpack to Applications folder
logger -t $LOG_NAME "Unpacking to $TARGET"
tar -xzf "$DOWNLOAD/"splunkforwarder*.t[ag][rz] -C $TARGET/
# Move config file
mv $LIMITS "$APPROOT/etc/system/local/"
mv $USERSEED "$APPROOT/etc/system/local/"
# Hide application folder
chflags hidden $APPROOT
#Add server settings
logger -t $LOG_NAME "Setting server"
$SPLUNK set deploy-poll "$SERV_IP" -auth "$AUTH" --accept-license --answer-yes --auto-ports --no-prompt > /dev/null 2>&1
#Start Service
logger -t $LOG_NAME "Staring service"
$SPLUNK enable boot-start > /dev/null 2>&1
$SPLUNK start --accept-license --answer-yes --no-prompt > /dev/null 2>&1
logger -t $LOG_NAME "Install complete"