<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: On a Linux Splunk Server, how do I ingest Windows CIFS audit files in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/On-a-Linux-Splunk-Server-how-do-I-ingest-Windows-CIFS-audit/m-p/262419#M50362</link>
    <description>&lt;P&gt;Splunk tech support pointed me here:&lt;/P&gt;

&lt;P&gt;&lt;A href="https://answers.splunk.com/answers/28847/how-do-we-index-netapp-evt-files-on-a-unix-box.html"&gt;https://answers.splunk.com/answers/28847/how-do-we-index-netapp-evt-files-on-a-unix-box.html&lt;/A&gt;&lt;/P&gt;</description>
    <pubDate>Tue, 13 Oct 2015 17:50:54 GMT</pubDate>
    <dc:creator>rruth</dc:creator>
    <dc:date>2015-10-13T17:50:54Z</dc:date>
    <item>
      <title>On a Linux Splunk Server, how do I ingest Windows CIFS audit files</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/On-a-Linux-Splunk-Server-how-do-I-ingest-Windows-CIFS-audit/m-p/262417#M50360</link>
      <description>&lt;P&gt;I have adtlog.evt files I wish to look at from Splunk.  How do I do this without using a Windows Splunk server?  (I do have universal forwarders on some Windows systems if I need to go that route.)  My Splunk server resides on Linux.&lt;/P&gt;

&lt;P&gt;Details:  I have a Netapp filer with CIFS mounts creating the adtlog.evt files and I want to use Splunk to search them.&lt;/P&gt;</description>
      <pubDate>Thu, 08 Oct 2015 22:05:34 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/On-a-Linux-Splunk-Server-how-do-I-ingest-Windows-CIFS-audit/m-p/262417#M50360</guid>
      <dc:creator>rruth</dc:creator>
      <dc:date>2015-10-08T22:05:34Z</dc:date>
    </item>
    <item>
      <title>Re: On a Linux Splunk Server, how do I ingest Windows CIFS audit files</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/On-a-Linux-Splunk-Server-how-do-I-ingest-Windows-CIFS-audit/m-p/262418#M50361</link>
      <description>&lt;P&gt;I don't think this will be easy.  You could try something like &lt;A href="http://sourceforge.net/projects/evtviewer/files/evtviewer/evtViewer-0.5/evtViewer-0.5.tgz/download"&gt;evtviewer&lt;/A&gt;.  Note I am not endorsing this, just suggesting it as a way to read those files.  I have no idea how you would get that to export the files into a better format.  To be honest, I'm not even sure Windows would have an easy way to do this.&lt;/P&gt;

&lt;P&gt;Can you have it pick a different logging format?  Does the control station (or whatever Netapp uses to "control" the filer) have a console you can get onto?  Can you install software there?  Does it have another log folder somewhere?&lt;/P&gt;</description>
      <pubDate>Fri, 09 Oct 2015 00:48:45 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/On-a-Linux-Splunk-Server-how-do-I-ingest-Windows-CIFS-audit/m-p/262418#M50361</guid>
      <dc:creator>Richfez</dc:creator>
      <dc:date>2015-10-09T00:48:45Z</dc:date>
    </item>
    <item>
      <title>Re: On a Linux Splunk Server, how do I ingest Windows CIFS audit files</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/On-a-Linux-Splunk-Server-how-do-I-ingest-Windows-CIFS-audit/m-p/262419#M50362</link>
      <description>&lt;P&gt;Splunk tech support pointed me here:&lt;/P&gt;

&lt;P&gt;&lt;A href="https://answers.splunk.com/answers/28847/how-do-we-index-netapp-evt-files-on-a-unix-box.html"&gt;https://answers.splunk.com/answers/28847/how-do-we-index-netapp-evt-files-on-a-unix-box.html&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 13 Oct 2015 17:50:54 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/On-a-Linux-Splunk-Server-how-do-I-ingest-Windows-CIFS-audit/m-p/262419#M50362</guid>
      <dc:creator>rruth</dc:creator>
      <dc:date>2015-10-13T17:50:54Z</dc:date>
    </item>
  </channel>
</rss>

