• whitelist.x and blacklist.x are tested against these values in the following order:
° clientName as defined in deploymentclient.conf: This is not commonly used but is useful when running multiple Splunk instances on the same machine or when DNS is completely unreliable.
° IP address: There is no CIDR matching, but you can use string patterns.
° Reverse DNS: This is the value returned by DNS for an IP address. If your reverse DNS is not up to date, this can cause you problems, as this value is tested before the value of hostname, as provided by the host itself. If you suspect this, try ping <ip of machine> or something similar to see what the DNS is reporting.
° Hostname as provided by forwarder: This is always tested after reverse DNS, so be sure your reverse DNS is up to date.
• When copying :app: lines, be very careful to update the <className> appropriately! This really is the most common mistake made in serverclass.conf.
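A small lint for the copy-and-paste mistake described in the last bullet, as an added example rather than code from the book or from Splunk. The sample stanzas, the app names, and the three heuristics (an :app: stanza whose class has no [serverClass:<className>] stanza, an exact duplicate stanza, and a class left with no apps) are assumptions made here.

```python
import re

# Constructed sample, not from the book: line 7 was copied from the linux
# block without updating <className>; line 8 has a mistyped <className>.
SAMPLE = """\
[serverClass:linux]
whitelist.0 = lnx-*
[serverClass:linux:app:outputs-yourcompanyname]
[serverClass:linux:app:inputs-nix]
[serverClass:windows]
whitelist.0 = win-*
[serverClass:linux:app:outputs-yourcompanyname]
[serverClass:windws:app:inputs-windows]
"""

STANZA = re.compile(r"^\[serverClass:([^:\]]+)(?::app:([^\]]+))?\]\s*$")


def lint_serverclass(text):
    """Return sorted (line_no, message) findings for suspicious :app: stanzas."""
    classes = {}  # className -> line of its [serverClass:<className>] stanza
    apps = []     # (line_no, className, appName) for each :app: stanza
    for no, line in enumerate(text.splitlines(), 1):
        m = STANZA.match(line.strip())
        if not m:
            continue  # attribute line, comment, or unrelated stanza
        cls, app = m.groups()
        if app is None:
            classes.setdefault(cls, no)
        else:
            apps.append((no, cls, app))
    findings, seen = [], {}
    for no, cls, app in apps:
        if cls not in classes:
            findings.append((no, f"app '{app}' uses undefined class '{cls}'"))
        if (cls, app) in seen:
            findings.append((no, f"duplicate of line {seen[(cls, app)]}: {cls}:app:{app}"))
        else:
            seen[(cls, app)] = no
    with_apps = {cls for _, cls, _ in apps}
    for cls, no in classes.items():
        if cls not in with_apps:
            findings.append((no, f"class '{cls}' has no :app: stanzas"))
    return sorted(findings)


if __name__ == "__main__":
    for no, msg in lint_serverclass(SAMPLE):
        print(f"line {no}: {msg}")
```

Running it against a copy of serverclass.conf before reloading the deployment server catches apps that would otherwise be deployed to the wrong class of machines.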
Step 6 - Restarting the deployment server
If serverclass.conf did not exist, a restart of the Splunk instance running deployment server is required to activate the deployment server. After the deployment server is loaded, you can use the following command:
$SPLUNK_HOME/bin/splunk reload deploy-server
This command should be enough to pick up any changes to serverclass.conf and any changes in etc/deployment-apps.
Step 7 - Installing deploymentclient.conf
Now that we have a running deployment server, we need to set up the clients to call
home. On each machine that will be running the deployment client, the procedure is
essentially as follows:
1. Copy the deploymentclient-yourcompanyname app to $SPLUNK_HOME/etc/apps/.
2. Restart Splunk.