
Splunk

Logging for Legacy Applications with JDE

Summary

Architecture Overview for JDE and Splunk Integration

graph TD;
    subgraph JDE Servers
        S1[Enterprise Server] -->|Log Generation| A1[Enterprise Log Folder]
        S2[Web Server] -->|Log Generation| A2[Web Log Folder]
        S3[BSSV Server] -->|Log Generation| A3[BSSV Log Folder]
        S4[AIS Server] -->|Log Generation| A4[AIS Log Folder]
        S5[Database Server] -->|Log Generation| A5[Database Log Folder]
    end

    A1 -->|Ingest Logs| B1[Log Forwarder/Agent] -->|Send Logs| B
    A2 -->|Ingest Logs| B1
    A3 -->|Ingest Logs| B1
    A4 -->|Ingest Logs| B1
    A5 -->|Ingest Logs| B1

    subgraph Splunk Platform
        B[Splunk]
        B --> B2[Log Indexing]
        B2 --> B3["Log Search & Alerts"]
    end

Splunk Server Installations

Splunk Server Installation Steps

https://github.com/jdedev/tophomelab/tree/main/docker/splunk

docker-compose.yml

services:
  splunk:
    image: ${SPLUNK_IMAGE:-splunk/splunk:latest}
    container_name: splunk
    restart: always
    environment:
      - SPLUNK_START_ARGS=--accept-license
      # HEC token and admin password come from the .env file next to this
      # compose file; keep that file out of version control.
      - SPLUNK_HEC_TOKEN=${SPLUNK_HEC_TOKEN}
      - SPLUNK_PASSWORD=${SPLUNK_PASSWORD}
    ports:
      - 8000:8000   # Splunk Web UI
      - 8088:8088   # HTTP Event Collector (HEC), used by the forwarders
      - 8089:8089   # management port (REST API); restrict to trusted hosts
    volumes:
      # persist configuration and indexed data across container restarts
      - "./splunk/etc:/opt/splunk/etc"
      - "./splunk/var:/opt/splunk/var"
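As an added example (not part of the original page or the tophomelab repository), the following script wraps one JDE server log line in the Splunk HTTP Event Collector (HEC) envelope and posts it to the container above on port 8088, authenticating with the SPLUNK_HEC_TOKEN value from the .env file. The sample log line, host name, log path and the `jde:*` sourcetype names are constructed for illustration.

```python
"""Send a JDE server log line to Splunk HEC (added example, not the page's own code)."""
import json
import os
import ssl
import urllib.request

# Constructed sample line; real jde.log formats vary by release.
SAMPLE_LINE = "Mon Jan 15 10:21:03 2024 jdbodbc.c Failed to connect: ODBC error\n"

# Assumed sourcetype names, one per JDE server role in the architecture diagram.
SOURCETYPE_BY_SERVER = {
    "enterprise": "jde:enterprise",
    "web": "jde:web",
    "bssv": "jde:bssv",
    "ais": "jde:ais",
    "database": "jde:database",
}


def build_hec_event(line, host, server_role, log_path):
    """Wrap one log line in the /services/collector/event JSON envelope.

    host, source and sourcetype are set explicitly so that searches and
    alerts in Splunk can separate the Enterprise, Web, BSSV, AIS and
    Database server logs from each other.
    """
    if server_role not in SOURCETYPE_BY_SERVER:
        raise ValueError(f"unknown JDE server role: {server_role}")
    return {
        "host": host,
        "source": log_path,
        "sourcetype": SOURCETYPE_BY_SERVER[server_role],
        "event": line.rstrip("\n"),
    }


def hec_request(events, token, base_url="https://localhost:8088"):
    """Build the POST request; HEC accepts several JSON objects concatenated in one body.

    The token travels in the Authorization header, never in the URL or logs.
    """
    body = "".join(json.dumps(e) for e in events).encode()
    headers = {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}
    return urllib.request.Request(base_url + "/services/collector/event",
                                  data=body, headers=headers, method="POST")


def send(events, token, base_url="https://localhost:8088", cafile=None):
    """POST the events. The Splunk container serves HEC with a self-signed
    certificate, so export it and pass cafile=... rather than disabling verification."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(hec_request(events, token, base_url), context=ctx, timeout=10) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    ev = build_hec_event(SAMPLE_LINE, "jde-ent01", "enterprise", "/u01/jde/log/jde.log")
    print(send([ev], os.environ["SPLUNK_HEC_TOKEN"], cafile=os.environ.get("SPLUNK_CA_FILE")))
```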

Splunk Server Configuration

Splunk Forwarder Installation

Splunk Forwarder Installation Steps

Splunk Forwarder Configuration

Forwarding Logs from JDE to Splunk

Ingesting Logs from JDE Servers

Configuring Log Forwarding to Splunk

Log Analysis in Splunk

Monitoring JDE Logs in Splunk

Identifying Security Issues in JDE Logs

Configuring Alerts for JDE Logs