https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-do-File-Integrity-Monitoring-on-its-own-in-2017/m-p/330073#M61186 <P>I'm not being able to find consice information, since every post just links to this DEPRECATED feature: <EM>docs.splunk.com/Documentation/Splunk/6.0/Data/Monitorchangestoyourfilesystem</EM></P> <P><STRONG>I want to be able to log (and then alert) if a change is noticed in a file</STRONG> (usually implemented via scheduled hash checks, but it doesn't matter). Is that possible, or not any more and I would need to pay for other services for that feature?</P> <P>The other doc that gets usually linked is this: <EM>docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesystemchangesonWindows</EM><BR /> but the instructions make it seem like I can't use a Universal Forwarder and I must have another full fledged installation of splunk enterprise?<BR /> also the instructions have a crucial step where they link to a Microsoft Doc, but that link is completely dead, so it's missing instructions.</P> <P>Can someone please clarify all this mess for me? I would really appreciate it.</P> Mon, 30 Oct 2017 22:32:39 GMT worm929 2017-10-30T22:32:39Z https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-do-File-Integrity-Monitoring-on-its-own-in-2017/m-p/330073#M61186 <P>I'm not being able to find consice information, since every post just links to this DEPRECATED feature: <EM>docs.splunk.com/Documentation/Splunk/6.0/Data/Monitorchangestoyourfilesystem</EM></P> <P><STRONG>I want to be able to log (and then alert) if a change is noticed in a file</STRONG> (usually implemented via scheduled hash checks, but it doesn't matter). Is that possible, or not any more and I would need to pay for other services for that feature?</P> <P>The other doc that gets usually linked is this: <EM>docs.splunk.com/Documentation/Splunk/latest/Data/MonitorfilesystemchangesonWindows</EM><BR /> but the instructions make it seem like I can't use a Universal Forwarder and I must have another full fledged installation of splunk enterprise?<BR /> also the instructions have a crucial step where they link to a Microsoft Doc, but that link is completely dead, so it's missing instructions.</P> <P>Can someone please clarify all this mess for me? I would really appreciate it.</P> Mon, 30 Oct 2017 22:32:39 GMT https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-do-File-Integrity-Monitoring-on-its-own-in-2017/m-p/330073#M61186 worm929 2017-10-30T22:32:39Z https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-do-File-Integrity-Monitoring-on-its-own-in-2017/m-p/330074#M61187 <P>Hi,<BR /> I did a quick find, and noticed version 7.1.0 provides a way .. and you may have a look at <A href="https://docs.splunk.com/Documentation/Splunk/7.1.0/Data/MonitorfilesystemchangesonWindows">https://docs.splunk.com/Documentation/Splunk/7.1.0/Data/MonitorfilesystemchangesonWindows</A><BR /> Hope this helps.<BR /> Cheers, Desmond.</P> Tue, 29 May 2018 07:12:53 GMT https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-do-File-Integrity-Monitoring-on-its-own-in-2017/m-p/330074#M61187 wongdsc 2018-05-29T07:12:53Z https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-do-File-Integrity-Monitoring-on-its-own-in-2017/m-p/330075#M61188 <P>Hi, seems there's another way located at <A href="http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/MonitorfilesystemchangesonWindows">http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/MonitorfilesystemchangesonWindows</A><BR /> to address the deprecated feature.<BR /> Cheers, Desmond.</P> Tue, 29 May 2018 07:15:27 GMT https://community.splunk.com/t5/Getting-Data-In/Can-Splunk-do-File-Integrity-Monitoring-on-its-own-in-2017/m-p/330075#M61188 wongdsc 2018-05-29T07:15:27Z