Hi Splunk community,
I have just a little question: I have some servers in a DMZ. All ports are blocked from inside to this DMZ and from this DMZ to inside.
I use WMI for getting logs with Splunk. Which ports do I need to open LAN -> DMZ and DMZ -> LAN? (TCP, I think?)
I don't use a forwarder.
Thank you for your help,
splunk13
Hi all,
I am bumping this topic because Ayn's answer doesn't work.
Does anyone have a solution for me?
Thanks for your help!
Splunk13
OK, thanks for your answer. But has anyone done that before?
What do you mean "it doesn't work"? I didn't have any solution, just pointers to where you can read more about this 🙂
WMI queries are inherently not a Splunk functionality; they are a functionality in Windows, and as such you really should be asking this on a Windows forum, not a Splunk forum.
Hi Ayn,
Thank you for your fast response!
I need to do this manipulation on my Splunk server, correct?
Regards,
Splunk13
Not really a Splunk question, but here goes:
You don't need to open any ports from your DMZ to your LAN (which is just as well, because that would break the idea of a DMZ). As for communication from your LAN to your DMZ, normally WMI doesn't use fixed ports like that. It uses DCOM. Recent versions of Windows let you set up a fixed port though; more info here: http://msdn.microsoft.com/en-us/library/windows/desktop/bb219447%28v=vs.85%29.aspx
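The fixed-port setup that the answer above points to, written out as an added example that is not part of the original thread. It assumes 24158, the default fixed WMI port in Microsoft's documentation; `192.0.2.10` (the Splunk/WMI collector on the LAN) and `dmz-host01` are placeholders.

```powershell
# Added example, not from the thread. Windows PowerShell, elevated session.
# Assumptions: 24158 is Microsoft's documented default fixed WMI port;
# 192.0.2.10 (collector on the LAN) and dmz-host01 are placeholders.
$WmiFixedPort = 24158
$CollectorIp  = '192.0.2.10'
$DmzHost      = 'dmz-host01'

# --- Part 1: run on each DMZ server ---
# Move WMI out of the shared svchost process so it gets its own fixed
# DCOM endpoint instead of a dynamic RPC port.
# (To revert later: winmgmt -sharedhost, then restart the service.)
winmgmt -standalonehost

# Restart WMI so the change takes effect (-Force restarts dependent services too).
Restart-Service -Name Winmgmt -Force

# Host firewall: allow the fixed WMI port inbound, scoped to the collector only.
New-NetFirewallRule -DisplayName 'WMI fixed port (collector only)' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $WmiFixedPort -RemoteAddress $CollectorIp

# The RPC endpoint mapper on TCP 135 is still contacted first, so it needs
# the same scoped rule.
New-NetFirewallRule -DisplayName 'RPC endpoint mapper (collector only)' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort 135 -RemoteAddress $CollectorIp

# --- Part 2: run on the collector in the LAN ---
# Check that both ports are reachable through the LAN -> DMZ firewall.
foreach ($port in 135, $WmiFixedPort) {
    Test-NetConnection -ComputerName $DmzHost -Port $port |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}

# End-to-end check: a remote WMI query over DCOM.
Get-WmiObject -Class Win32_OperatingSystem -ComputerName $DmzHost |
    Select-Object CSName, Caption, Version
```

The perimeter firewall between LAN and DMZ needs the same two LAN -> DMZ TCP rules, limited to the collector's address as the source.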
Hi, I have a similar problem with remote WMI requests.
We have just set a static port for WMI requests on the remote server. It seems to be working fine. But we noticed on a third-party firewall that the Splunk forwarder tries to connect on ports other than the one defined on the remote server.
Is any configuration possible on the forwarder, like a WMI port configuration or something like that?
In the documentation, I couldn't find any information about this.
I know that WMI is not a Splunk issue, but maybe we can manipulate it through Splunk. 🙂