用户seed.conf文件和passwd文件之间的差异splunk univeres expryerer安装
我正在创建自动化脚本以安装Splunk Universal Fewracker。我想了解创建的用户seed.conf文件和passwd文件的更多信息。
众所周知,安装Splunk UF要求当我们启动Splunk服务并接受许可时,要求创建管理员帐户。
步骤1:
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes
当我们尝试将Fewracker添加到索引器连接中时,它要求我们使用相同的用户名和密码进行身份验证。
步骤2:
/opt/splunkforwarder/bin/splunk add forward-server test_server:9997
根据我的理解,此身份验证围绕用户seed.conf file和passwd.conf文件
user-seed.conf - $SPLUNK_HOME/etc/system/local
passwd - $SPLUNK_HOME/etc/passwd
方案旋转:
- 有时步骤2中的身份验证失败了,在这种情况下,我只看到了user-seed.conf文件,但是创建了conf文件。我更改Admin用户名和密码身份
- 验证在步骤2中成功了,尽管我更改了Admin的用户名和密码,但在这里仅创建了PassWD文件。
- 有时,Add Fewarder会使用管理员帐户身份验证。
现在,我的脚本正在工作,我在第2点。但是我坚持理解为什么会发生上述情况?上述情况是我的观察,但我仍然不清楚和困惑。
请谁能帮助我更好地理解这一点? 用户种子和PassWD Conf文件之间的实际区别是什么? 为什么我只看到创建用户种子的conf文件而不是passWD?
抱歉,如果我的观察完全错误。我是这个新手。我通过互联网浏览了许多博客,但仍然不清楚。请帮助我的投入。
提前致谢, NVP
I am working on creation of automation script to install splunk universal forwarder. I wanted to understand more on user-seed.conf file and passwd file being created.
As we know, installing splunk UF asks for creation of administrator account when we start the splunk service and accept license.
Step 1:
/opt/splunkforwarder/bin/splunk start --accept-license --answer-yes
When we try to add forwarder to indexer connection , it asks us to authenticate with same username and password.
Step 2 :
/opt/splunkforwarder/bin/splunk add forward-server test_server:9997
As per my understanding this authentication revolves around user-seed.conf file and passwd.conf file
user-seed.conf - $SPLUNK_HOME/etc/system/local
passwd - $SPLUNK_HOME/etc/passwd
Scenarios I faced :
- sometimes the authentication in step 2 was failing, in that case I saw only user-seed.conf file was created though I change admin username and password
- Authentication was successful in step 2 and here only passwd file was being created , though I changed username and password of admin.
- sometimes add forwarder was working with admin account authentication.
Now, my script is working and I am in point 2 . But I am stuck in understanding why the above scenarios happened ? The above scenarios are my observations, still I am unclear and confused.
Please can anyone help me in understanding this better ?
what is the actual difference between user-seed and passwd conf file ?
Why did I see only user-seed conf file being created and not passwd ?
Apologies , if my observations is completely wrong. I am newbiew to this. I went through many blogs over Internet, still not soo clear. Please help me with your inputs .
Thanks in advance,
NVP
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
user-seed.conf文件仅在Splunk启动时将凭据加载。一旦将凭据存储在etc/passWD用户seed.conf中。此后,仅使用PASSWD来验证用户。但是,您不需要凭据即可配置转发器。您需要做的就是编辑适当的.conf文件,然后重新启动转发器。
The
user-seed.conffile is used only to load credentials when Splunk starts. Once the credentials are stored in etc/passwd user-seed.conf is deleted. Thereafter, only passwd is used to authenticate users.You don't need credentials to configure a forwarder, though. All you need to do is edit the appropriate .conf file and then restart the forwarder.