Skip to content
/ splunk-ansible Public

Ansible playbook to install a Splunk UF with a local syslog daemon

3 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rbenigno/splunk-ansible

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
etc
etc
 
 
roles
roles
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
Vagrantfile
Vagrantfile
 
 
example_cust_vars.yml
example_cust_vars.yml
 
 
example_inventory
example_inventory
 
 
site.yml
site.yml
 
 

Repository files navigation

Ansible roles and playbooks for Splunk deployment

  1. Install Splunk binaries as needed:
  • Standard Splunk Install
  • Heavy Forwarder
  • Universal Forwarder
  1. Setup syslog-ng for centralized logging:
  • Install and configure syslog-ng.
  • Configure Splunk to monitor the syslog-ng logs.
  • Create cron job to delete old logs.

TODO

  • The task "Install Splunk Forwarder App" is not idempotent.
  • Fix the {{ splunk_home }} in the splunk_syslog_inputs role.
  • Create a custom sourceytpe for syslog-ng (make sure it works on Universal and Heavy forwarders)
  • Allow send_to_forwarder_app to be loaded from an external source (like the Splunk package).
  • Use cust_vars.yml to define the native Splunk UDP/TCP listeners.
  • Research the correct way to handle the default syslog-ng.conf file (just commenting defaults out now).
  • Only the platform specific splunk_forwarder tasks should be in centos.yml.

About

Ansible playbook to install a Splunk UF with a local syslog daemon

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages