From ec4c5d14835e7daec3ece324d9964c2ea7cee15a Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Wed, 5 Aug 2020 13:38:46 -0700
Subject: [PATCH] Remove inputsconf
---
 Vagrant/scripts/install-inputsconf.ps1 | 37 --------------------------
 Vagrant/scripts/install-windows_ta.ps1 | 10 +++----
 2 files changed, 5 insertions(+), 42 deletions(-)
 delete mode 100755 Vagrant/scripts/install-inputsconf.ps1
diff --git a/Vagrant/scripts/install-inputsconf.ps1 b/Vagrant/scripts/install-inputsconf.ps1
deleted file mode 100755
index cb82144..0000000
--- a/Vagrant/scripts/install-inputsconf.ps1
+++ /dev/null
@@ -1,37 +0,0 @@
-# Purpose: Configures the inputs.conf for the Splunk forwarder on WEF to send events from the WEF channels
-
-Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting up Splunk Inputs for Sysmon"
-
-$inputsPath = "C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf"
-$currentContent = get-content $inputsPath
-$targetContent = get-content c:\vagrant\resources\splunk_forwarder\inputs.conf
-
-if ($currentContent -ne $targetContent)
-{
- Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Stopping the Splunk forwarder"
- try {
- Stop-Service splunkforwarder -ErrorAction Stop
- } catch {
- Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Failed to stop SplunkForwarder. Trying again..."
- Set-Location "C:\Program Files\SplunkUniversalForwarder\bin"
- & ".\splunk.exe" "stop"
- }
-
- Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Deleting the default configuration"
- Remove-Item $inputsPath
-
- Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Copying over the custom configuration"
- Copy-Item c:\vagrant\resources\splunk_forwarder\inputs.conf $inputsPath
-
- Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Starting the Splunk forwarder"
- Start-Service splunkforwarder
-}
-else
-{
- Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Splunk forwarder already configured. Moving on."
-}
-If ((Get-Service -name splunkforwarder).Status -ne "Running")
-{
- throw "splunkforwarder service was not running."
-}
-Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Splunk forwarder installation complete!"
diff --git a/Vagrant/scripts/install-windows_ta.ps1 b/Vagrant/scripts/install-windows_ta.ps1
index ac1ca39..0493d1a 100755
--- a/Vagrant/scripts/install-windows_ta.ps1
+++ b/Vagrant/scripts/install-windows_ta.ps1
@@ -3,9 +3,9 @@ Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing the Windows TA for Splunk" -If (test-path "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\default") { +If (Test-Path "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\default") { Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows TA is already installed. Moving on." - Exit + Exit 0 } # Install Windows TA (this only needs to be done on the WEF server) @@ -16,12 +16,12 @@ Start-Process -FilePath "C:\Program Files\SplunkUniversalForwarder\bin\splunk.ex # Create local directory New-Item -ItemType Directory -Force -Path "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local" -Copy-Item c:\vagrant\resources\splunk_forwarder\wef_inputs.conf $inputsPath +Copy-Item c:\vagrant\resources\splunk_forwarder\wef_inputs.conf $inputsPath -Force # Add a check here to make sure the TA was installed correctly Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Sleeping for 15 seconds" -start-sleep -s 15 -If (test-path "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\default") { +Start-Sleep -s 15 +If (Test-Path "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\default") { Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows TA installed successfully." } Else { Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Something went wrong during installation."
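Review bot: In the `@@ -16,12 +16,12 @@` hunk, the added `-Force` makes the overwrite of `$inputsPath` silent, but a failed `Copy-Item` is still a non-terminating error, and the check after the sleep only tests that the TA's `default` directory exists. The deleted install-inputsconf.ps1 ended with `throw "splunkforwarder service was not running."`; nothing visible in this script replaces that guard, so a forwarder that never picks up `wef_inputs.conf` would leave the lab collecting no WEF events while provisioning reports success. I would write `Copy-Item c:\vagrant\resources\splunk_forwarder\wef_inputs.conf $inputsPath -Force -ErrorAction Stop` and extend the post-sleep condition with `-and (Test-Path $inputsPath)`. `$inputsPath` is assigned outside the hunk and the `Else` branch may continue past it, so whether the failure path exits non-zero (the success path now uses `Exit 0`) cannot be confirmed from here.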