I am attempting to set up 8 Windows machines to send the security logs to the Splunk Light server.
1) What exactly do I need to install on each machine?
2) Is there a command line to do it either silently or as a remote push?
3) What is the best place to see the configuration of which ports are being used?
I have searched and found fragments, not any kind of step by step instructions.
Thanks for the help in advance.
1) What exactly do I need to install on each machine?
Install the Universal forwarder.
http://www.splunk.com/en_us/download/universal-forwarder.html
2) Is there a command line to do it either silently or as a remote push?
Docs are here:
http://docs.splunk.com/Documentation/Splunk/6.2.5/Forwarding/Chooseyourplatform#Install_the_universa...
Also here:
http://docs.splunk.com/Documentation/Splunk/6.2.5/Forwarding/DeployaWindowsdfviathecommandline
(check the "When to install from the command line?" section)
3) What is the best place to see the configuration of which ports are being used?
Read these docs: http://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings%3F
Also this:
http://www.splunk.com/en_us/products/splunk-light/splunk-light-vs-splunk-enterprise.html
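An added example, not part of the original thread or Splunk's own code: a PowerShell sketch of the silent, remotely pushed universal forwarder install asked about in question 2, enabling only the Security event log. The host names, file paths and indexer address are placeholders, and it assumes PowerShell remoting (WinRM) is enabled on the targets, PowerShell 5.0 or later on the admin workstation, and that the Splunk Light server is already configured to receive on the port given.

```powershell
# Added example: push a silent universal forwarder install to several Windows hosts.
# All names, paths and the indexer address below are placeholders (assumptions).
$Computers = 'WIN-HOST-01', 'WIN-HOST-02'           # placeholder host names
$MsiSource = 'C:\Install\splunkforwarder.msi'       # placeholder path to the downloaded MSI
$RemoteMsi = 'C:\Windows\Temp\splunkforwarder.msi'  # staging path on each target
$Indexer   = 'splunk-light.example.local:9997'      # placeholder; must match the server's receiving port

# Refuse to distribute an installer whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $MsiSource
if ($sig.Status -ne 'Valid') {
    throw "MSI signature status is '$($sig.Status)'; not deploying."
}

foreach ($Computer in $Computers) {
    $session = New-PSSession -ComputerName $Computer
    try {
        # Copy the MSI over the session so the target never needs to reach a
        # file share (avoids the remoting "double hop" credential problem).
        Copy-Item -Path $MsiSource -Destination $RemoteMsi -ToSession $session

        $exitCode = Invoke-Command -Session $session -ArgumentList $RemoteMsi, $Indexer -ScriptBlock {
            param($Msi, $Indexer)
            $msiArgs = @(
                '/i', $Msi,
                'AGREETOLICENSE=Yes',
                "RECEIVING_INDEXER=`"$Indexer`"",   # where the forwarder sends data
                'WINEVENTLOG_SEC_ENABLE=1',         # collect the Security event log only
                '/quiet',
                '/L*v', 'C:\Windows\Temp\splunkforwarder-install.log'
            )
            # -Wait/-PassThru so the msiexec exit code is returned to the caller.
            (Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru).ExitCode
        }

        # msiexec: 0 = success, 3010 = success but a reboot is required.
        '{0}: msiexec exit code {1}' -f $Computer, $exitCode
    }
    finally {
        Remove-PSSession -Session $session
    }
}
```

Newer forwarder releases may require additional installer properties (such as initial credentials), so check the flags against the documentation for the version you download.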