Splunk is a popular enterprise level tool for log collection, analysis and management. While you can obtain an enterprise license, most functions are available in the free community edition.
Setup is very easy:
- Download and move the .tar.gz file to the appropriate server (i386 vs. amd64)
sudo dpkg -i splunk*.deb
- Start the server:
sudo /opt/splunk/bin/splunk start
The first time you run after installation or update you will have to accept terms.
Access the admin screen:
Go to Settings/Forwarding * Receiving
– add new (port 9997)
- Open firewall port (if enabled):
sudo ufw allow 8000
Now to start as a service…
sudo /opt/splunk/bin/splunk enable boot-start