ITS 2330 - Linux III

Project 1: Splunk


This lesson takes place in week 3, but there is no chapter for it. Objectives important to this lesson include reviewing relevant material on splunk:

  1. Splunk
  2. Phantom
  3. Addressing big data needs by other means

As noted above, our text does not have a chapter this week for the course designers' topic. The basic idea is that you are going to install a Linux server, and you will install splunk on that server to analyze what happens on it. (Which won't be much, since you are not really running a server on a network.)

You can start by cloning an existing CentOS VM, or by installing another CentOS machine; CentOS installs a workstation and a server from the same media, the only difference being the package set you choose during installation. This link will take you to a lesson a lot like the handout from Professor Pierce, but it includes a few reminders that will make life easier:

Note the recommendation to use CentOS 7, not 8, because CentOS 8 reaches end of life on December 31, 2021, while CentOS 7 will receive maintenance updates through June 30, 2024. It's 2021 now, so do the math.

The next concept is downloading and installing splunk. But, before we do that, why are we going to do that? Splunk is a product for collecting, indexing and searching data from and about your server, your applications, your databases, and/or your logs. The logs may be the most reasonable thing to check in your VM version of the product. Lots of people have a hard time managing all the data an active system creates. It is often mountains of data that take forever to search. This is the essence of the concept called Big Data. Here is a quick intro:
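To make the log-analysis idea concrete, here is an added example (mine, not part of the course handout or of Splunk's own code) that does, with plain awk and sort, the kind of search you would run in Splunk once /var/log/secure is being indexed: count failed SSH password attempts per source address and flag the sources that cross a threshold. It also illustrates the third objective above, addressing big data needs by other means, since the same question can be answered with shell tools when the data set is small. The log lines are constructed to match the sshd format CentOS 7 writes to /var/log/secure, using RFC 5737 test addresses; the Splunk search shown in the comment is my own equivalent, and the field name src in it is my choice.

```shell
#!/bin/sh
# Added example, not from the course page or from Splunk.
# Constructed /var/log/secure lines (invented host name, RFC 5737 test addresses).
SAMPLE_SECURE_LOG='Mar  3 10:15:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar  3 10:15:07 web1 sshd[1204]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:16:12 web1 sshd[1210]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar  3 10:17:30 web1 sshd[1215]: Failed password for invalid user test from 198.51.100.9 port 42000 ssh2
Mar  3 10:17:31 web1 sshd[1215]: Connection closed by 198.51.100.9 port 42000 [preauth]'

# Count failed SSH password attempts per source address, most active first.
# Reads log lines on stdin; prints one "count src" line per source.
# Assumed Splunk equivalent (SPL), once /var/log/secure is monitored:
#   sourcetype=linux_secure "Failed password"
#   | rex "from (?<src>\d+\.\d+\.\d+\.\d+)" | stats count by src | sort -count
failed_logins_by_src() {
    awk '
        /sshd\[[0-9]+\]: Failed password for/ {
            # The address always follows the word "from"; its field number
            # varies because "invalid user" adds two fields, so scan for it.
            for (i = 1; i <= NF; i++) if ($i == "from") { count[$(i+1)]++; break }
        }
        END { for (src in count) print count[src], src }
    ' | sort -k1,1nr -k2,2
}

# Print only the sources at or above a failure threshold (default 3):
# the condition a SOC analyst would turn into a scheduled alert in Splunk.
brute_force_sources() {
    threshold="${1:-3}"
    failed_logins_by_src | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Stand-alone demo against the constructed sample. On a real CentOS 7 host
# you would feed the live file instead:  sudo cat /var/log/secure | failed_logins_by_src
printf '%s\n' "$SAMPLE_SECURE_LOG" | failed_logins_by_src
printf '%s\n' "$SAMPLE_SECURE_LOG" | brute_force_sources 3
```

The awk pass scans for the word "from" rather than using a fixed field number because sshd's "invalid user" lines carry two extra fields; a hard-coded column would silently miscount exactly the attempts you most care about. Once Splunk is installed, the same data is pulled in with `splunk add monitor /var/log/secure -sourcetype linux_secure` and queried from the web interface with the search in the comment.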

According to the splunk company founders, they liked the metaphor a user gave them about crawling through caves, in the dark, looking for something interesting. Cave exploration is called spelunking, which they shortened to splunk. In case you think that sounds like fun, let's get some testimony from Mike Rowe. Take it as a metaphor for too much data, too many distractions, and too little sense of where you should be looking or going: that is what searching raw logs by hand feels like.

The video below is one of the better ones I have found at explaining what splunk is for. (Some students have a problem with the presenter's accent. If you do, try turning on the closed captions.)

Just in case you think that video was a little light, this one goes over an investigation scenario, showing you how splunk can be used to analyze what happens in a network. Enjoy. By the way, run this one full screen on a large monitor to see the text on the presenter's screen more clearly.

Probably enough of that for the moment, but you may not think so. This link will take you to a YouTube channel from splunk with more lessons about their products: Splunk on YouTube. Look into the splunk product called phantom, which is Splunk's security orchestration, automation and response (SOAR) platform: it runs playbooks that act on the alerts a search like the ones above produces. You will find it on the splunk web site under Security. Got your attention now? Read up on the product, find some videos, do an installation, and report what you found, did, and think.

The second half of this assignment is to address one of the three bullet points below. The project is due in three weeks.