
Note: paste the commands into the terminal exactly as they are.

Note: real-time data needs to be filled in using the AWS console.
Commands & Steps to Install Splunk Enterprise Package:
1. After opening the SSH connection in PuTTY, you are asked for a user name; enter: ec2-user
2. sudo su ( to get super-user permission )
3. cd /opt ( all external software is installed in the opt folder, like the C drive in Windows; the cd command is used to change directory )
4. Paste the wget command that you copied from the Splunk website ( Hint: right-click and the whole command, including wget, is pasted automatically )
If an error occurs saying it is not able to install, it means the wget command is not installed.
5. Type yum install wget ( to install the wget command; retry step 4 after completing step 5 )
6. Type ls ( you should see the folder named splunk *** )
7. Type tar xvzf <splunk-package-link> ( Hint: after typing tar xvzf, press Tab ) - the command used to extract files
8. Type ls ( you should see the extracted folder )
9. Type cd splunk
10. Type cd bin
11. Type sudo ./splunk start --accept-license ( to start the Splunk services )
12. Set the user name and password
13. Type sudo ./splunk enable boot-start ( used to start the Splunk services automatically on boot )
14. In the browser, go to http://<paste public ip of splunk instance>:8000 ( Splunk works on port 8000 by default )

Note: Check whether you have opened ports 8000 and 9997 in the security group of your Red Hat Linux instance.

-------------------------------This Completes Installation of Splunk Enterprise Package----------------------------------


Commands & Steps to Configure and Onboard the Web Server.
Prerequisites ( complete up to step 18 before the training starts; there is no need to show these configurations to students )

1. After opening the SSH connection in PuTTY, you are asked for a user name; enter: ubuntu
2. sudo apt update
3. sudo /var
4. cd /var
5. ls ( confirm that there is no folder named www yet )
6. sudo apt install apache2
7. ls ( you should now see the folder www )
a. cd www
8. cd html
9. ls ( you should see index.html )
10. sudo rm index.html
11. sudo vi index.html
12. Press Insert 🡪 paste the code ( available at the end of the document ) 🡪 hit Esc 🡪 type :wq 🡪 press Enter
13. cd /var/log
14. ls
15. cd apache2
16. ls
17. tail -f ( press Ctrl + C to stop )
Check whether the website is up and running by typing the below address in the browser: https://public ip of webserver:80

Students Demo ( from here onwards, show the demo to the students )

Then go to your Splunk app and, under Settings 🡪 Indexes, click on New Index ( and name it webserver ).

Commands to Onboard the Web Server


1. cd /opt
2. sudo su
3. Paste the wget command that you copied from the Splunk website under Universal Forwarder ( Hint: right-click and the whole command, including wget, is pasted )
4. Type tar xvzf <splunk-package-link> ( Hint: after typing tar xvzf, press Tab ) - the command used to extract files
5. cd splunkforwarder/etc/system/local
6. ls

7. sudo vi inputs.conf ( press Insert 🡪 paste the below code 🡪 hit Esc 🡪 type :wq 🡪 press Enter )

[monitor:///var/log/apache2/access.log]
index=webserver
sourcetype=access_combined

8. sudo vi outputs.conf ( press Insert 🡪 paste the below code, entering the private IP 🡪 hit Esc 🡪 type :wq 🡪 press Enter )

[tcpout:tosplunk]
server=<paste private IP of splunk>:9997

9. cd ../../../bin/
10. sudo ./splunk start --accept-license
11. sudo ./splunk enable boot-start

If logs are not visible in Splunk, restart the forwarder on the web server by typing sudo ./splunk restart after step 9.
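Steps 7 and 8 above have you type the two forwarder files by hand, and the most common reason logs never arrive is a placeholder or typo left in outputs.conf. The following POSIX shell script is an added example, not part of the lab guide: it writes the same inputs.conf and outputs.conf stanzas from arguments, refuses anything that is not a real IPv4 address for the indexer, and checks the stanzas before you run ./splunk start. The function names is_ipv4, write_forwarder_conf and conf_has_stanza are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the lab guide): generate the Universal Forwarder's
# inputs.conf and outputs.conf from the values the guide has you paste in,
# validating the indexer IP first so the literal "paste private IP of splunk"
# placeholder can never end up in outputs.conf.
# Assumed names (not from the guide): is_ipv4, write_forwarder_conf,
# conf_has_stanza. Paths, index name and port match the guide's steps.

# Return 0 only for a dotted-quad IPv4 address with four octets in 0-255.
is_ipv4() {
  old_ifs="$IFS"; IFS=.
  set -- $1
  IFS="$old_ifs"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# write_forwarder_conf <local conf dir> <indexer private IP> <index name>
# Writes the two files the guide creates with vi, in the same stanza form.
write_forwarder_conf() {
  conf_dir="$1"; indexer_ip="$2"; index_name="$3"
  is_ipv4 "$indexer_ip" || { echo "not an IPv4 address: '$indexer_ip'" >&2; return 1; }
  mkdir -p "$conf_dir" || return 1
  # Monitor only the Apache access log; sourcetype access_combined lets Splunk
  # extract client IP, status code, URI and user agent fields automatically.
  printf '[monitor:///var/log/apache2/access.log]\nindex=%s\nsourcetype=access_combined\n' \
    "$index_name" > "$conf_dir/inputs.conf"
  # Send events to the indexer's receiving port; 9997 must be open on the
  # Splunk instance (see the note after the installation steps).
  printf '[tcpout:tosplunk]\nserver=%s:9997\n' "$indexer_ip" > "$conf_dir/outputs.conf"
}

# conf_has_stanza <file> <exact line>: sanity check before "./splunk start".
conf_has_stanza() {
  grep -qxF "$2" "$1"
}

# Usage, with a constructed private IP (replace with the indexer's real one):
# write_forwarder_conf /opt/splunkforwarder/etc/system/local 172.31.5.20 webserver
```

Run it as root on the web server; if it reports "not an IPv4 address", the placeholder was pasted instead of the indexer's private IP.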

Use this HTML code in step 13

<html>
<body>
<img src="SOCExperts.png" alt="SOC Experts" style="width:50%;">
<h1>Welcome to SOC Experts Splunk Lab</h1>
<h3>Click on any of the links to generate some traffic</h3>
<div>
<a href="https://www.google.com/search?q=soc+experts+review&rlz=1C5CHFA_enIN919IN919&oq=soc+experts&aqs=chrome.1.69i59j35i39j0l3j69i60l3.5578j0j7&sourceid=chrome&ie=UTF-8#lrd=0x3bae14e2cc6bea2f:0xf8c207b928c25f0c,1,,," target="_blank">STUDENT REVIEWS</a><br><br>
<a href="https://www.socexperts.com/" target="_blank">WEBSITE</a><br><br>
<a href="https://www.linkedin.com/organization-guest/company/socexperts" target="_blank">LINKEDIN</a><br><br>
<a href="https://www.facebook.com/SOCExperts" target="_blank">FACEBOOK</a><br><br>
<a href="https://www.instagram.com/soc_experts/" target="_blank">INSTAGRAM</a>
</div>
</body>
</html>
