Command Summary | Utimaco Integration Guides

Command	Purpose
`dnf install -y epel-release`	Enables the EPEL repository to access additional packages required for syslog-ng installation.
`dnf install -y syslog-ng`	Installs the syslog-ng service on Rocky Linux, which will receive syslog data from ESKM.
`wget -O splunkforwarder-10.0.2-e2d18b4767e9.x86_64.rpm "<Splunk_UF_Download_URL>"`	Downloads the Splunk Universal Forwarder installation package from Splunk’s official repository.
`sudo rpm -i splunkforwarder-10.0.2-e2d18b4767e9.x86_64.rpm`	Installs the Splunk Universal Forwarder on the Rocky Linux syslog server.
`sudo /opt/splunkforwarder/bin/splunk start --accept-license`	Starts the Splunk Universal Forwarder for the first time and prompts for creating admin credentials.
`/opt/splunkforwarder/bin/splunk enable boot-start`	Configures the Universal Forwarder to automatically start on system boot.
`mkdir -p /var/log/eskm`	Creates a dedicated directory to store incoming ESKM syslog logs.
`chown root:root /var/log/eskm`	Sets correct ownership for the ESKM log directory so syslog-ng and Splunk UF can access it.
`chmod 750 /var/log/eskm`	Applies secure permissions to the ESKM log directory.
`tail -f /var/log/eskm/eskm.log`	Monitors ESKM logs in real time to verify syslog-ng is receiving events.
`/opt/splunkforwarder/bin/splunk status`	Checks the running status of the Splunk Universal Forwarder service.
`/opt/splunkforwarder/bin/splunk list monitor`	Displays the list of log files currently monitored by the Universal Forwarder.
`dnf install -y epel-release`	Enables the EPEL repository to access additional packages required for syslog-ng installation.
`dnf install -y syslog-ng`	Installs the syslog-ng service on Rocky Linux, which will receive syslog data from ESKM.
`wget -O splunkforwarder-10.0.2-e2d18b4767e9.x86_64.rpm "<Splunk_UF_Download_URL>"`	Downloads the Splunk Universal Forwarder installation package from Splunk’s official repository.
`sudo rpm -i splunkforwarder-10.0.2-e2d18b4767e9.x86_64.rpm`	Installs the Splunk Universal Forwarder on the Rocky Linux syslog server.
`sudo /opt/splunkforwarder/bin/splunk start --accept-license`	Starts the Splunk Universal Forwarder for the first time and prompts for creating admin credentials.
`/opt/splunkforwarder/bin/splunk enable boot-start`	Configures the Universal Forwarder to automatically start on system boot.
`mkdir -p /var/log/eskm`	Creates a dedicated directory to store incoming ESKM syslog logs.
`chown root:root /var/log/eskm`	Sets correct ownership for the ESKM log directory so syslog-ng and Splunk UF can access it.
`chmod 750 /var/log/eskm`	Applies secure permissions to the ESKM log directory.
`tail -f /var/log/eskm/eskm.log`	Monitors ESKM logs in real time to verify syslog-ng is receiving events.
`/opt/splunkforwarder/bin/splunk status`	Checks the running status of the Splunk Universal Forwarder service.
`/opt/splunkforwarder/bin/splunk list monitor`	Displays the list of log files currently monitored by the Universal Forwarder.

Splunk CLI commands