Re: What is "hostname as provided by the client" i...

bkeif · ‎02-04-2020

In the serverclass.conf docs it says that the "hostname of the client, as provided by the client" can be used in the white/black lists. What exactly does this mean? Does the uf grab the output of the hostname command as if it were run that on the host, or is it simply a value in a conf file like inputs.conf (host=) or server.conf (serverName=)?

I know that clientName comes from deploymentclient.conf and the other options listed in the doc are self explanatory but Its unclear to me what the line "as provided by the client" really means

richgalloway · ‎02-04-2020

"As provided by the client" means the client name is not defined on the deployment server. IOW, no change on the DS will affect the client's name. The easiest way to see what a client's name is is to look at the Clients tab on the Forwarder Management screen.

---
If this reply helps you, Karma would be appreciated.

bkeif · ‎02-05-2020

Ok sure, that makes sense and I realize I can't change it on the DS. But I could change it on the client if I knew where the name comes from on the client. Its not the like the UF magically knows the hostname of the box its running on. It has to pull it from somewhere.

richgalloway · ‎02-06-2020

Sorry for missing the second part of your questin. It's set by host = foo in inputs.conf. If not specified, the UF does magically know the hostname of the box on which it is running.

---
If this reply helps you, Karma would be appreciated.

What is "hostname as provided by the client" in serverclass.conf?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases