Friday, June 11, 2010

Splunk installation and LDAP integration

These installation steps are for RHEL 5 64-bit.

1) Create user
#useradd -m splunkadm
#passwd splunkadm
Log in as splunkadm

2) Install Splunk
Download splunk-4.1.3-80534-Linux-x86_64.tgz from splunk.com
Copy to /opt or install folder
#tar -xvf splunk-4.1.3-80534-Linux-x86_64.tgz
The contents will be extracted to /opt/splunk

3) Start Splunk
/opt/splunk/bin/splunk start
Launch the web console http://{ip_address}:8000
Log in as user admin with password changeme

4) Check status
/opt/splunk/bin/splunk status

5) Import License
Navigate to Manager -> License. Paste your license.
Restart Splunk
/opt/splunk/bin/splunk restart

6) Email Settings
Navigate to Manager > System settings > Email alert settings
Set appropriate parameters. PDF report option can be selected.

7) Setup Authentication
a) Navigate to Manager > Access controls > Authentication method
Set appropriate parameters.
For Active Directory
Host: {your_ad_host}
Port: 389
Bind DN: {your_bind_user_id}
Bind DN Password: {your_bind_user_id_password}
User Base DN: {as appropriate}
User base filter: {Leave empty: set it later}

User name attribute: samaccountname
Real name attribute: cn
Group mapping attribute: dn
Group base DN: {as appropriate}
Group name attribute: cn
Group member attribute: member
Save

b) You should see a new link Configure LDAP role mapping
If you see any errors, correct the LDAP settings.
Click on the Configure LDAP role mapping link.
Select a group and assign the desired roles.
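
A check on the settings from step 7, as an added example (not from the original post or from Splunk): it flags the plain-LDAP setup on port 389 and the user base filter that was left empty. It assumes the form values are saved under the standard authentication.conf key names (with the install above, in /opt/splunk/etc/system/local/authentication.conf); the stanza name corp_ad, the host and the DNs are constructed placeholders.

```python
import configparser

# Constructed sample: step 7's form values as authentication.conf stanzas.
# Host, DNs and password are placeholders, not real systems.
SAMPLE_CONF = """
[authentication]
authType = LDAP
authSettings = corp_ad

[corp_ad]
host = ad.example.test
port = 389
SSLEnabled = 0
bindDN = CN=splunk-bind,OU=Service,DC=example,DC=test
bindDNpassword = placeholder
userBaseDN = OU=Users,DC=example,DC=test
userBaseFilter =
userNameAttribute = samaccountname
realNameAttribute = cn
groupMappingAttribute = dn
groupBaseDN = OU=Groups,DC=example,DC=test
groupNameAttribute = cn
groupMemberAttribute = member
"""

# Fields step 7 fills in; flag any that were left empty.
FILLED = ("host", "userBaseDN", "userNameAttribute", "realNameAttribute",
          "groupBaseDN", "groupNameAttribute", "groupMemberAttribute")

def audit_ldap_strategy(conf_text):
    """Return findings for the LDAP strategy named by authSettings."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key names exactly as written in the file
    cp.read_string(conf_text)
    if cp.get("authentication", "authType", fallback="").upper() != "LDAP":
        return ["authType is not LDAP"]
    name = cp.get("authentication", "authSettings", fallback="")
    if not cp.has_section(name):
        return [f"authSettings names a missing stanza: [{name}]"]
    s = cp[name]
    findings = [f"empty or missing: {k}" for k in FILLED if not s.get(k, "").strip()]
    ssl_on = s.get("SSLEnabled", "0").strip().lower() in ("1", "true")
    if not ssl_on:
        findings.append("SSLEnabled off: bind and user passwords cross the network unencrypted")
    elif s.get("port", "").strip() == "389":
        findings.append("SSLEnabled on but port is 389; LDAPS normally listens on 636")
    if not s.get("userBaseFilter", "").strip():
        findings.append("userBaseFilter empty: searches match every entry under userBaseDN")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_strategy(SAMPLE_CONF):
        print(finding)
```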
