splunk/attack_range

Linux Splunk Forwarder fails locally

Bob-The-User opened this issue · 6 comments

TASK [splunk_byo_linux : restart splunk] ***************************************
fatal: [ar-linux-attack-range-key-pair-ar-0]: FAILED! => {"changed": true, "cmd": ["systemctl", "restart", "SplunkForwarder"], "delta": "0:00:00.017162", "end": "2023-08-09 16:40:56.833652", "msg": "non-zero return code", "rc": 5, "start": "2023-08-09 16:40:56.816490", "stderr": "Failed to restart SplunkForwarder.service: Unit SplunkForwarder.service not found.", "stderr_lines": ["Failed to restart SplunkForwarder.service: Unit SplunkForwarder.service not found."], "stdout": "", "stdout_lines": []}

It seems to fail starting the service regardless of any other setting.

Can you provide your attack_range.yml configuration?

general:
  cloud_provider: local
  attack_range_password: ***************
local: {}
windows_servers:
- hostname: ar-win-dc
  windows_image: windows-2016-v3-0-0
  create_domain: '1'
  install_red_team_tools: '1'
  bad_blood: '1'
- hostname: ar-win-2
  windows_image: windows-2016-v3-0-0
  join_domain: '1'
  install_red_team_tools: '1'
linux_servers:
- hostname: ar-linux

Any updates?