https://community.splunk.com/t5/Splunk-Enterprise/Splunk-App-for-Linux-Auditd-Log/m-p/679014#M18769 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/265226">@Symon</a>&nbsp;&nbsp;</P><P>To effectively monitor Linux Auditd events in Splunk, you can use the Splunk Add-on for Linux.</P><P>This add-on allows you to collect and analyze audit logs from your Linux devices. Here’s how you can set it up:</P><P><STRONG>Configure AuditD to Send Data to the Splunk Add-on for Linux:</STRONG></P><P><A href="https://docs.splunk.com/Documentation/AddOns/released/Linux/Configure4" target="_blank">https://docs.splunk.com/Documentation/AddOns/released/Linux/Configure4</A>&nbsp;<BR /><A href="https://splunkbase.splunk.com/app/833" target="_blank">https://splunkbase.splunk.com/app/833</A>&nbsp;</P><P>This Add On for linux Auditd allows Administrators to make their data OCSF Compliant and CIM compliant for related Linux Auditd Events</P><P><A href="https://preview.splunkbase.splunk.com/app/7045" target="_blank">https://preview.splunkbase.splunk.com/app/7045</A>&nbsp;</P><P>&nbsp;</P> Wed, 28 Feb 2024 15:22:33 GMT kiran_panchavat 2024-02-28T15:22:33Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-App-for-Linux-Auditd-Log/m-p/678629#M18753 <P>Hello Sirs,</P><P>I would like to know the most useful Splunk App that can be suitable for Linux Auditd events. I have Linux devices such as Mangement Servers, DNS, HTTP Servers, Firewall, etc. These logs carried by both Syslog Forwarder and Heavy forwarders.&nbsp;</P><P><BR />Please suggest how to monitor the audit logs by which Splunk App?</P><P>Thanks a bunch.</P> Mon, 26 Feb 2024 05:16:45 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-App-for-Linux-Auditd-Log/m-p/678629#M18753 Symon 2024-02-26T05:16:45Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-App-for-Linux-Auditd-Log/m-p/679014#M18769 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/265226">@Symon</a>&nbsp;&nbsp;</P><P>To effectively monitor Linux Auditd events in Splunk, you can use the Splunk Add-on for Linux.</P><P>This add-on allows you to collect and analyze audit logs from your Linux devices. Here’s how you can set it up:</P><P><STRONG>Configure AuditD to Send Data to the Splunk Add-on for Linux:</STRONG></P><P><A href="https://docs.splunk.com/Documentation/AddOns/released/Linux/Configure4" target="_blank">https://docs.splunk.com/Documentation/AddOns/released/Linux/Configure4</A>&nbsp;<BR /><A href="https://splunkbase.splunk.com/app/833" target="_blank">https://splunkbase.splunk.com/app/833</A>&nbsp;</P><P>This Add On for linux Auditd allows Administrators to make their data OCSF Compliant and CIM compliant for related Linux Auditd Events</P><P><A href="https://preview.splunkbase.splunk.com/app/7045" target="_blank">https://preview.splunkbase.splunk.com/app/7045</A>&nbsp;</P><P>&nbsp;</P> Wed, 28 Feb 2024 15:22:33 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-App-for-Linux-Auditd-Log/m-p/679014#M18769 kiran_panchavat 2024-02-28T15:22:33Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-App-for-Linux-Auditd-Log/m-p/679227#M18788 <P>Thanks. Noted sir.</P> Fri, 01 Mar 2024 05:00:48 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-App-for-Linux-Auditd-Log/m-p/679227#M18788 Symon 2024-03-01T05:00:48Z