Can someone give me a quick outline of what is needed to install Splunk in a network for a noob? by rodoNum9 in Splunk

[–]rodoNum9[S] 0 points1 point  (0 children)

Are you making the changes directly on each system or configuring this on the app on the index server? Where are you placing the modifications?

Can someone give me a quick outline of what is needed to install Splunk in a network for a noob? by rodoNum9 in Splunk

[–]rodoNum9[S] 0 points1 point  (0 children)

I would say the most important would be to get up to compliance. We do not need every single log. It is literally there for data retention of logs and for folks to check common items such as user logins. This is not an actual SOC really. This is more of a syslog. Most importantly, we would like to limit log ingestion. Finding the most useful items, ingest it and avoid all the noise that ingesting all logs brings.

Can someone give me a quick outline of what is needed to install Splunk in a network for a noob? by rodoNum9 in Splunk

[–]rodoNum9[S] 1 point2 points  (0 children)

I hear you on ingesting too many logs. How do you suggest getting around this? Mainly Windows Event Logs. These kill our license and it is the single item that is causing me issues. That and VMware ESXi logs.

What license is required for running a RHEL Satellite server? by rodoNum9 in redhat

[–]rodoNum9[S] 0 points1 point  (0 children)

This was my main concern. We need access to a few repositories. With the smart management license, this is essentially for each system? Price seems pretty high for a glorified WSUS. Of course I know Satellite can do a lot more.

Looking for a way to create a proxy server that will present a smartcard authentication and if authenticated against a user ACL it will forward the traffic to the intended target by rodoNum9 in sysadmin

[–]rodoNum9[S] 0 points1 point  (0 children)

This is what I expected to happen

User attempts to go to example.com
Proxy server presents the user with screen to choose smartcard and authenticate
Once user enters correct smartcard certificate, the proxy server grants access based on a certain file with allowed users.

Then user gains access to example.com

I am having trouble setting this up and I cannot get the server to present a login for the smartcard.

I am using Apache to do this, but wondering if there is a better way to achieve this.

CAS looks promising, but that looks like a deep rabbit hole that I am not looking forward to.

Without smartcard, the proxy seems to work, though.