I am trying to install the Splunk Universal Forwarder from the PowerShell command-line on Windows Server 2012 R2 and am having difficulties when I add in the options for SSL certs and the password.
My command:
msiexec.exe /i C:\Users\Administrator\Desktop\splunkforwarder-6.3.3-f44afce176d0-x64-release.msi AGREETOLICENSE=Yes RECEIVING_INDEXER="splunk:9997" WINEVENTLOG_APP_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_SEC_ENABLE=1 CERTPASSWORD=password ROOTCACERTFILE=$SPLUNK_HOME\etc\auth\cacert.pem CERTFILE=$SPLUNK_HOME\etc\auth\server.pem /passive /l .\Desktop\logfile.log
I want to have the universal forwarder use the server.pem and cacert.pem that are generated from the install, but I can't seem to figure out how to get that to happen. If I remove `ROOTCACERTFILE`, `CERTFILE` the install completes but doesn't work until I got into the `outputs.conf` and manually add the lines `sslCertPath = $SPLUNK_HOME\etc\auth\server.pem` and `sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem`. To be clear, I can get this working if I manually add those configuration lines, but the aim is to have this become a one step process.
My logs are pasted here --> http://pastebin.com/cfhcpb0Q . I tried searching for solutions to this such as the sfc /scannow fix and nothing seems to be working here.
↧