Mixed environment of about 20 servers: 70 percent Red Hat and the rest Windows OS. I'd like to know how to create an alert that grabs all audit logs and other auditable events, such as log failures, critical log level size, etc., from ALL of these servers.
Hello deepashri: More background: multiple forwarders, only one indexer. So I would like to know how to create an alert (or alerts) that grabs the following (from ALL servers):
#1. Log failure/processing;
#2. Audit logs;
#3. Exceeds maximum audit record storage capacity (triggers at 75% capacity);
#4. Audit failures;
#5. Admin logons and changes.
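An added example, not code from this thread or from any vendor: the classification logic behind the five alert categories, written in Python and run over constructed sample records. It assumes a Splunk-style pipeline (universal forwarders on each host, one indexer) in which Windows Security events arrive as `EventCode=...` text and Linux auditd lines arrive as the raw `type=... res=...` records from /var/log/audit/audit.log, and it assumes a per-host capacity metric (used and maximum log bytes) is available for the 75% check. The Windows event IDs and auditd record types are the standard ones; the sample lines, hostnames and byte counts are constructed, and the mapping of "audit failures" to failed logons plus audit-log-cleared / audit-policy-changed events is an interpretation of the post, not something it states.

```python
import re
from collections import defaultdict

# Constructed sample events: (host, sourcetype, raw event text) as a search over
# forwarded data would return them. None of these are real captured records.
SAMPLE_EVENTS = [
    ("win01", "WinEventLog:Security", "EventCode=4672\nMessage=Special privileges assigned to new logon."),
    ("win01", "WinEventLog:Security", "EventCode=4625\nMessage=An account failed to log on."),
    ("win02", "WinEventLog:Security", "EventCode=1102\nMessage=The audit log was cleared."),
    ("win02", "WinEventLog:Security", "EventCode=4720\nMessage=A user account was created."),
    ("win03", "WinEventLog:Security", "EventCode=1104\nMessage=The security log is now full."),
    ("rh01", "linux_audit", "type=USER_LOGIN msg=audit(1700000000.101:301): pid=2101 uid=0 auid=0 ses=4 "
                            "msg='op=login id=0 exe=\"/usr/sbin/sshd\" hostname=10.0.0.7 addr=10.0.0.7 terminal=/dev/pts/0 res=success'"),
    ("rh01", "linux_audit", "type=USER_AUTH msg=audit(1700000000.205:302): pid=2110 uid=0 auid=4294967295 ses=4294967295 "
                            "msg='op=PAM:authentication acct=\"bob\" exe=\"/usr/sbin/sshd\" hostname=10.0.0.9 addr=10.0.0.9 terminal=ssh res=failed'"),
    ("rh02", "linux_audit", "type=ADD_USER msg=audit(1700000000.300:303): pid=2200 uid=0 auid=1001 ses=5 "
                            "msg='op=adding user id=1005 exe=\"/usr/sbin/useradd\" hostname=? addr=? terminal=pts/1 res=success'"),
    ("rh03", "linux_audit", "type=DAEMON_ABORT msg=audit(1700000000.400:304): op=\"start\" auid=4294967295 pid=2300 res=failed"),
]

# Constructed capacity metrics (hypothetical collection; on Windows the values would come
# from the Security log's file size vs. its maximum size, on Linux from the audit partition).
SAMPLE_CAPACITY = [
    {"host": "win01", "log": "Security", "used_bytes": 104_857_600, "max_bytes": 134_217_728},  # ~78%
    {"host": "rh01", "log": "/var/log/audit", "used_bytes": 60_000_000, "max_bytes": 100_000_000},  # 60%
]

# Windows Security event IDs per alert category (#1, #4, #5 in the post).
WIN_RULES = {
    "log_failure":    {1104, 1108},              # security log full; event logging service error
    "audit_failure":  {4625, 1102, 4719},        # failed logon; audit log cleared; audit policy changed
    "admin_activity": {4672, 4720, 4728, 4732},  # privileged logon; account created; group member added
}
# Linux auditd record types per category.
LINUX_FAIL_TYPES = {"DAEMON_ABORT", "DAEMON_ERR"}                 # auditd itself failing
LINUX_TAMPER_TYPES = {"CONFIG_CHANGE"}                            # audit rules/config altered
LINUX_ADMIN_TYPES = {"ADD_USER", "DEL_USER", "ADD_GROUP", "DEL_GROUP"}

EVENTCODE = re.compile(r"EventCode=(\d+)")
AUDIT_TYPE = re.compile(r"^type=(\w+)")
AUDIT_RES = re.compile(r"res=(\w+)")
AUDIT_AUID = re.compile(r"\bauid=(\d+)")


def classify(host, sourcetype, raw):
    """Return the set of alert categories a single event belongs to."""
    cats = {"audit_log"}  # alert #2: every forwarded security/audit event is collected
    if sourcetype.startswith("WinEventLog"):
        m = EVENTCODE.search(raw)
        if not m:
            return cats
        code = int(m.group(1))
        for cat, codes in WIN_RULES.items():
            if code in codes:
                cats.add(cat)
        return cats
    # Linux auditd record: type, result and audit UID drive the categorisation.
    t, r, a = AUDIT_TYPE.match(raw), AUDIT_RES.search(raw), AUDIT_AUID.search(raw)
    atype = t.group(1) if t else ""
    res = r.group(1) if r else ""
    if atype in LINUX_FAIL_TYPES:
        cats.add("log_failure")
    if atype in LINUX_TAMPER_TYPES or (atype in {"USER_LOGIN", "USER_AUTH"} and res == "failed"):
        cats.add("audit_failure")
    root_login = atype == "USER_LOGIN" and res == "success" and a is not None and a.group(1) == "0"
    if atype in LINUX_ADMIN_TYPES or root_login:
        cats.add("admin_activity")
    return cats


def capacity_alerts(metrics, threshold=0.75):
    """Alert #3: hosts whose audit store is at or above the threshold fraction."""
    return [(m["host"], m["log"], round(m["used_bytes"] / m["max_bytes"], 2))
            for m in metrics if m["used_bytes"] / m["max_bytes"] >= threshold]


def run_alerts(events=SAMPLE_EVENTS, metrics=SAMPLE_CAPACITY, threshold=0.75):
    """Group hosts by alert category, in event order; this is what each alert would fire on."""
    hits = defaultdict(list)
    for host, sourcetype, raw in events:
        for cat in classify(host, sourcetype, raw):
            hits[cat].append(host)
    for host, _log, _ratio in capacity_alerts(metrics, threshold):
        hits["capacity_75pct"].append(host)
    return dict(hits)


if __name__ == "__main__":
    for category, hosts in run_alerts().items():
        print(f"{category:15s} {sorted(set(hosts))}")
```

In a Splunk-like deployment each category would become one saved search scheduled as an alert (for example one search over the Windows sourcetype filtered on the `WIN_RULES` IDs and one over the Linux audit sourcetype filtered on `type=` and `res=`), and the capacity check would be a separate scheduled search over whatever metric source reports log size per host; the point of keeping the event-ID sets in one place is that both OS families are covered by the same five alerts regardless of how many forwarders feed the indexer.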