![]() ![]() ![]() So I think there is something else at play here possibly.Īll the deploy-poll commands failed not just the set command. I tried pinpointing just port 8089 and there were no packets captured at all. I tried the tcpdump approach and could not see any traffic at all to the deployment server either with iptables enabled or disabled. Has anyone encountered this sort of behaviour before? Nmap scan report for splunkdeployment.fqdn (ip-address)Īs soon as I disable iptables however i can run the set deploy-poll command successfully. Runnin nmap from one of the affected clients shows ports open on the deployment server as follows Starting Nmap 5.51 ( ) at 13:41 GMT Additionally adding specific rules for all ports both tcp and udp to the top of both the INPUT and OUTPUT chains makes no difference.Īnd even more bizarrely I can telnet to the splunk deployment server over port 8089 successfully. I've parsed the malfunctioning iptables rules and cannot see any conflict or reason for this to fail. On other CentOS 6 boxes still with iptables enabled but without the number of chains, the command works as expected. The command times out and eventually throws this warning/error Couldn't complete HTTP request: Connection timed out On a number of CentOS 6 machines which have long iptables rules with multiple chains (details can be provided if required) the UF can be installed ok however when running this command: /opt/splunkforwarder/bin/splunk set deploy-poll ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |