For Splunk Universal Forwarder and Splunk Cloud




Quick Start Guide
For Splunk Universal Forwarder and Splunk Cloud

This document details the procedure for manually installing Layer8 software agents, and forwarding data to an existing Splunk Enterprise or Splunk Cloud installation utilizing the Splunk Universal Forwarder.

Version: 3.5

Contents

1. Introduction to Layer8
2. Layer8 Components
3. Hardware & Software Prerequisites
4. User Account Configuration Steps
5. Installation & Removal
6. License Keys
7. Troubleshooting & Technical Support

About This Quick Start Guide

This guide provides information to manually install Layer8 agents via a supplied batch file, which can be useful for testing a small group of systems. This guide provides details for customers who already use Splunk Enterprise or Splunk Cloud, and have already deployed or wish to deploy the Splunk Universal Forwarder to endpoints.

For deployments of Layer8 agents via Group Policy, SCCM or other standard MSI deployment tools, please consult the Layer8 Advanced Install Guide.

NOTE: Splunk Cloud and Splunk Universal Forwarder
Layer8 is supplied with its own built-in data Forwarder Service. When using only the Layer8 forwarder, only Layer8 data is collected. If you are using the Splunk Universal Forwarder, the supplied Layer8 forwarder relays data on to the Splunk Universal Forwarder for delivery to the Splunk server alongside other data you may be collecting. Consult the Layer8 Quickstart or Advanced Install guides for details.

http://logfiller.com

1. Introduction to Layer8

Layer8 from Logfiller measures the actual usage and User Experience of all Windows-based systems, logon delays, applications and web services. From Logon to Logoff and everything in between, Layer8's patent-pending technology provides unique insights that also complement machine data sources.

2. Layer8 Components

Layer8 generates data via an installed agent, a data forwarder service and web browser extensions installed on each Windows endpoint / server. The following are included as standard MSI packages in the Layer8 installation download:

a) Layer8 User Experience Meter Agent ("uxmtr")
b) Layer8 Forwarder Service ("dcac")
c) Layer8 Web Browser extensions for IE and Chrome

Both agents ("uxmtr" and "dcac") are required for all installation endpoints. The browser extensions are optional.

3. Hardware & Software Prerequisites

Layer8 can be installed on any system which runs Windows XP and higher, 32-bit or 64-bit, physical or virtual, servers, workstations or laptops. Standalone and domain users are supported.

- Microsoft Windows XP/SP3, 2003/SP2, Vista, 2008, 2008R2, 2012, 2012 R2, 7, 8, 8.1+, 10
- Microsoft Terminal Services / Microsoft Remote Desktop Services servers
- Virtualization platforms - Citrix XenApp, XenDesktop, VMware Horizon, Hyper-V
- RAM usage - 2MB to 6MB
- Processor usage - negligible
- Disk Space - average of 0.2MB to 1MB per day of temporary per user
- One or more Web Browsers e.g. Internet Explorer, Chrome or Firefox
- For reporting: Splunk Enterprise, Splunk Cloud, or any other SIEM / Log Manager solution

Other than Windows, there are NO other software prerequisites, i.e. there is no requirement for Java, .NET, Javascript etc. to be installed on any system.

4. User Account Configuration Steps

In order to calculate Logon Delays, Layer8 needs to be able to read the local Windows Security Event Log. There are two ways to approach this, dependent on whether the endpoints you are deploying to are running Windows XP or Windows Vista and above.

NOTE: If deploying across a network with Active Directory, changes can be made to Group Policy as needed. Consult the Layer8 Advanced Install Guide for instructions using this method.

Windows XP Procedure:

- As a Local Administrator, open a command prompt or click "Start > Run" and enter secpol.msc
- In the "Local Security Settings" window, expand Local Policies > Audit Policy > Audit Logon Events, enable Success
- In the "Local Security Settings" window, expand User Rights Assignment > Manage auditing and security log, double-click and add Domain Users or Everyone as required
- Close the "Local Security Settings" window

Windows Vista and above Procedure:

- As a Local Administrator, open a command prompt or click "Start > Run" and enter lusrmgr.msc
- In the "Local Users and Groups" window, double-click "Groups" > "Event Log Readers" > "Add".
- Enter the local username to add (e.g. Domain Users/Everyone).
- Click "Check Name" then "OK" > "OK" and close the "Local Users and Groups" window.

5. Installation & Removal

The key steps for manually installing Layer8 agents are as follows:

- Configure Splunk Cloud (if used)
- Download and install the Layer8 App for Splunk into Splunk Cloud OR Splunk Enterprise
- Install and configure the Splunk Universal Forwarder
- Install the Layer8 agents

Configure Splunk Cloud

If required, create a Splunk Cloud trial environment at http://splunk.com

Install the Layer8 App for Splunk in Splunk (Cloud OR Enterprise)

- Click Apps > Manage Apps > Install App from file and select the Layer8 App for Splunk file from the Layer8 installation package
- For Splunk Cloud only, go to Settings > Forwarding and Receiving > Configure Receiving and click ENABLE.

Install Splunk Universal Forwarder on Endpoints

Deployment of the Splunk Universal Forwarder onto endpoints is NOT covered in this guide. There are multiple options and configuration settings. Please consult Splunk documentation.

Once installed, the Splunk Universal Forwarder must be configured to look for Layer8 generated data on the endpoint.

Edit the INPUTS.CONF File

The following entries need to be added to the inputs.conf file, which is normally located at C:\Program Files\SplunkUniversalForwarder\etc\system\local

    [monitor://$allusersprofile\logfiller\lf-data]
    disabled = false
    sourcetype=logfillerdata
    index=logfiller

    [monitor://$allusersprofile\logfiller\lf-alerts]
    disabled = false
    sourcetype=logfilleralerts
    index=logfiller

    [monitor://$allusersprofile\application Data\logfiller\lf-data]
    disabled = false
    sourcetype=logfillerdata
    index=logfiller

    [monitor://$allusersprofile\application Data\logfiller\lf-alerts]
    disabled = false
    sourcetype=logfilleralerts
    index=logfiller

Edit the OUTPUTS.CONF File

Next, if using Splunk Cloud, the Splunk Universal Forwarder must be configured to send the Layer8 data from the endpoints to the Splunk Cloud service. The following (sample) entries need to be added to the outputs.conf file, which is normally located at C:\Program Files\SplunkUniversalForwarder\etc\system\local

    [tcpout]
    defaultGroup = sandbox

    [tcpout:sandbox]
    server = input-your.splunkaccount.here.splunktrial.com:9997
    maxQueueSize = auto
    disabled = false

NOTE: Your outputs.conf file may vary greatly. The above is for reference only. Consult the Splunk documentation for full deployment information.
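The following Python check is an added example, not part of the Layer8 guide or of Splunk's own tooling. It parses inputs.conf and outputs.conf text and reports the mistakes that most often leave the logfiller index empty: a missing or disabled monitor stanza, a wrong index, or a defaultGroup that does not resolve to a tcpout stanza with a host:port server. The function names are hypothetical and the sample stanzas are constructed from the entries above.

```python
import configparser

# Constructed samples: one monitor stanza and the tcpout stanzas from this guide.
SAMPLE_INPUTS = r"""
[monitor://$allusersprofile\logfiller\lf-data]
disabled = false
sourcetype=logfillerdata
index=logfiller
"""
SAMPLE_OUTPUTS = """
[tcpout]
defaultGroup = sandbox
[tcpout:sandbox]
server = input-your.splunkaccount.here.splunktrial.com:9997
"""

def parse_conf(text):
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # keep key case: Splunk setting names are case-sensitive
    cp.read_string(text)
    return cp

def check_inputs(text, index="logfiller"):
    """Return problems found in the Layer8 monitor stanzas of inputs.conf."""
    cp = parse_conf(text)
    stanzas = [s for s in cp.sections()
               if s.lower().startswith("monitor://") and "logfiller" in s.lower()]
    problems = [] if stanzas else ["no monitor stanza for a logfiller folder"]
    for s in stanzas:
        checks = {"is disabled": cp[s].get("disabled", "false").lower() in ("true", "1"),
                  f"index is not {index}": cp[s].get("index") != index,
                  "has no sourcetype": not cp[s].get("sourcetype")}
        problems += [f"[{s}] {msg}" for msg, bad in checks.items() if bad]
    return problems

def check_outputs(text):
    """Return problems found in the tcpout stanzas of outputs.conf."""
    cp = parse_conf(text)
    tcpout = cp["tcpout"] if cp.has_section("tcpout") else {}
    groups = [g.strip() for g in tcpout.get("defaultGroup", "").split(",") if g.strip()]
    problems = [] if groups else ["[tcpout] has no defaultGroup"]
    for stanza in (f"tcpout:{g}" for g in groups):
        servers = cp[stanza].get("server", "") if cp.has_section(stanza) else ""
        if not servers:
            problems.append(f"[{stanza}] is missing or has no server")
        for srv in filter(None, (x.strip() for x in servers.split(","))):
            host, _, port = srv.rpartition(":")
            if not host or not port.isdigit():
                problems.append(f"[{stanza}] server {srv!r} is not host:port")
    return problems
```

Run both functions against the contents of the forwarder's local inputs.conf and outputs.conf before restarting the forwarder; an empty list from each means the stanzas are structurally consistent with this guide.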

Install the Layer8 Agents

The following describes installing via the supplied batch file. For Group Policy or SCCM deployment, consult the Advanced Install Guide.

- Extract the Layer8 software package to any local, network drive letter or UNC share.
- MANDATORY STEP 1: In the installation folder, rename the file config.universalforwarder to config.ini.
- MANDATORY STEP 2: Using notepad or similar, edit the supplied Layer8_InstallAll.EDITTHIS file and specify the UNC path to the root of the extracted Layer8 software folder. Save the file with a .bat extension.
- Temporarily disable any anti-virus or other software / application blocking feature which may interfere with installation.
- As a Local Administrator, open a command prompt and change directory to the Layer8 installation folder.
- Run the Layer8_InstallAll batch file.
- Reboot the computer and start using it as normal.

- Start Internet Explorer, Firefox and Chrome and enable / allow the Layer8 extension / add-on when prompted (or enforce via group policy).
- Log in to Splunk and analyze your collected data using the supplied dashboards and reports for Splunk.

NOTE: You can check everything is installed and working by viewing the Layer8 Status Page, available by clicking Start > Program Files > Logfiller > Layer8 Status Page.

Removing the Layer8 Agents

The Layer8 agents are manually uninstalled using Control Panel > Add/Remove Programs.

6. License Keys

Trial and Permanent License Keys

When you install Layer8, a trial license key is provided which allows data generation for 30 days. When you purchase Layer8 you will be provided with a License key in the form of a LICENSE.INI file.

To publish the License key, simply copy the supplied file into the central deployment folder. For example, copy LICENSE.INI into:

    \\myserver\layer8\

On next restart or policy refresh, your client computers will pick up this new license key.

7. Troubleshooting & Technical Support

Layer8 on Client Systems

For troubleshooting missing / non-reported Layer8 data:

- Check that anti-virus or other endpoint protection software (including Windows 8 Defender or SmartScreen) has not disabled or blocked installation of the Layer8 agents.
- On the client computer, click Start > Program Files > Logfiller > Layer8 Status Page or, in any web browser, enter the URL http://127.0.0.1:50291/status?99. This status page will provide details on the Layer8 agent configurations, data upload status, errors, licensing and more.
- If the Status Page is not available, open the Windows Event Viewer. Layer8 reports successful program startup, configuration, and any license or policy errors to the Application Log and/or the Logfiller Log.

- For missing Logon Delay Times, verify the policies and group permissions from Section 4 are correctly configured. A correctly-configured system will show the following Logon Delay calculation in the local Windows Logfiller Application Event Log. Note the three uxmtr source events; the Logon Delay will be the third event generated immediately after the user logs onto their machine.

Visit http://support.logfiller.com for further KBs and other information.

Splunk Cloud / Splunk Universal Forwarder

Please consult the Splunk Answers KBs at http://splunk.com for issues relating to Splunk Cloud and Splunk Universal Forwarder. The following troubleshooting steps may be of use:

- Check the firewall ports are open and allow the Splunk Universal Forwarder to send data to the Splunk Cloud.
- In the Splunk Cloud account, make sure you have enabled the receiver, and port 9997 is configured.
- Check the Splunk Universal Forwarder logs for errors. These are normally located in C:\Program Files\SplunkUniversalForwarder\var\log on the client system.