Linux Splunk Forwarder fails locally
Bob-The-User opened this issue · 6 comments
Bob-The-User commented
TASK [splunk_byo_linux : restart splunk] ***************************************
fatal: [ar-linux-attack-range-key-pair-ar-0]: FAILED! => {"changed": true, "cmd": ["systemctl", "restart", "SplunkForwarder"], "delta": "0:00:00.017162", "end": "2023-08-09 16:40:56.833652", "msg": "non-zero return code", "rc": 5, "start": "2023-08-09 16:40:56.816490", "stderr": "Failed to restart SplunkForwarder.service: Unit SplunkForwarder.service not found.", "stderr_lines": ["Failed to restart SplunkForwarder.service: Unit SplunkForwarder.service not found."], "stdout": "", "stdout_lines": []}
It seems to fail starting the service regardless of any other setting.
P4T12ICK commented
Can you provide your attack_range.yml configuration?
Bob-The-User commented
general:
  cloud_provider: local
  attack_range_password: ***************
local: {}
windows_servers:
- hostname: ar-win-dc
  windows_image: windows-2016-v3-0-0
  create_domain: '1'
  install_red_team_tools: '1'
  bad_blood: '1'
- hostname: ar-win-2
  windows_image: windows-2016-v3-0-0
  join_domain: '1'
  install_red_team_tools: '1'
linux_servers:
- hostname: ar-linux
Bob-The-User commented
Any updates?