Security

Cant connect to port 8089 non-localhost, just only localhost

s2upin
Explorer

I'm just install splunk enterprise in centos 7 , but i cant connect splunk enterprise with port 8089 by python sdk in non-localhost, but i can connect and run script in localhost , anyone have solve ?

Tags (1)
0 Karma
1 Solution

mattymo
Splunk Employee
Splunk Employee

Hi s2upin,

you probably need to add the port to firewalld.

first, verify that splunkd is indeed listening:

[splunker@n00bserver ~]$ ss -tulpn | grep 8089
tcp    LISTEN     0      128       *:8089                  *:*                   users:(("splunkd",pid=11047,fd=5))

The do:

firewall-cmd --add-port 8089/tcp --permanent
firewall-cmd --reload

Verify with:

[root@n00bserver ~]# firewall-cmd --list-ports
5907/tcp 1022/tcp 5908/tcp 5222/tcp 9997/tcp 8089/tcp 5900/tcp 5901/tcp 5904/tcp 5905/tcp 80/tcp 514/udp 8000/tcp 5902/tcp 5903/tcp 5906/tcp
- MattyMo

View solution in original post

0 Karma

mattymo
Splunk Employee
Splunk Employee

Hi s2upin,

you probably need to add the port to firewalld.

first, verify that splunkd is indeed listening:

[splunker@n00bserver ~]$ ss -tulpn | grep 8089
tcp    LISTEN     0      128       *:8089                  *:*                   users:(("splunkd",pid=11047,fd=5))

The do:

firewall-cmd --add-port 8089/tcp --permanent
firewall-cmd --reload

Verify with:

[root@n00bserver ~]# firewall-cmd --list-ports
5907/tcp 1022/tcp 5908/tcp 5222/tcp 9997/tcp 8089/tcp 5900/tcp 5901/tcp 5904/tcp 5905/tcp 80/tcp 514/udp 8000/tcp 5902/tcp 5903/tcp 5906/tcp
- MattyMo
0 Karma

s2upin
Explorer

Tks you so much 😄

0 Karma

jwelch_splunk
Splunk Employee
Splunk Employee

Probably a firewall issue

On local host run:
systemctl stop firewalld
If that fixes the issue, then you know it is the firewall on the local host. If that does not fix the issue then most likley there is another firewall off the box.

If the first one fixes your issue then the solution would be to create a firewall policy that would allow remote connectivity to your box on the splunk ports and turn your firewall back on.

Okie

jwelch_splunk
Splunk Employee
Splunk Employee

Examples below

Splunk Enterprise also requires several ports to be opened through the firewall(s). To allow
these ports through the built-in firewalld on RHEL enter the following commands:
sudo firewall-cmd -permanent --add-port =8000/tcp
sudo firewall-cmd -permanent --add-port =9997/tcp
sudo firewall-cmd -permanent --add-port =514/tcp
sudo firewall-cmd -permanent --add-port =514/udp
sudo firewall-cmd -reload
sudo firewall-cmd -list-ports
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...