splunk / attack_range

A tool that allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk
Apache License 2.0
2.08k stars 349 forks

Linux Splunk Forwarder fails locally #840

Closed Bob-The-User closed 9 months ago

Bob-The-User commented 1 year ago

TASK [splunk_byo_linux : restart splunk] ***************************************
fatal: [ar-linux-attack-range-key-pair-ar-0]: FAILED! => {"changed": true, "cmd": ["systemctl", "restart", "SplunkForwarder"], "delta": "0:00:00.017162", "end": "2023-08-09 16:40:56.833652", "msg": "non-zero return code", "rc": 5, "start": "2023-08-09 16:40:56.816490", "stderr": "Failed to restart SplunkForwarder.service: Unit SplunkForwarder.service not found.", "stderr_lines": ["Failed to restart SplunkForwarder.service: Unit SplunkForwarder.service not found."], "stdout": "", "stdout_lines": []}

It seems to fail starting the service regardless of any other setting.

P4T12ICK commented 1 year ago

Can you provide your attack_range.yml configuration?

Bob-The-User commented 1 year ago

general:
  cloud_provider: local
  attack_range_password: ***
local: {}
windows_servers:

Bob-The-User commented 11 months ago

Any updates?

Bob-The-User commented 10 months ago

Any updates?

P4T12ICK commented 9 months ago

Sorry for my late reply. I will take a look into this.

P4T12ICK commented 9 months ago

I was not able to reproduce your issue. I was using your attack_range.yml configuration and the latest version of the Attack Range. Can you make sure you have the latest version pulled from GitHub?