Is there already an app that will monitor sysmon via UDP for Unix or Linux machines?

Hi

My company is looking to run a POC on Splunk for sysmon via UDP for a few hundred Unix / Linux machines.

Is there already a pre-made app for this? I can find the Microsoft one, but I don't think it's the same thing.

Thanks in advance.

If the POC works, we will need to monitor 5000 machines.

Cheers

Re: Is there already an app that will monitor sysmon via UDP for Unix or Linux machines?

Splunk Employee

Hi Robert,

I think this is the app you are looking for:
https://splunkbase.splunk.com/app/273/

The Splunk App for Unix and Linux provides rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based host grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environments.

Hope this helps. Thanks!
Hunter

Re: Is there already an app that will monitor sysmon via UDP for Unix or Linux machines?

SplunkTrust

Hi,

Here is a valuable alternative to the official *nix application: https://splunkbase.splunk.com/app/1753/

I would suggest you make your own tests and judgement. For dozens of reasons the *nix application should be rewritten from A to Z: the data produced by the add-on is rich enough, however the application is definitively not providing what admins need to analyse performance and capacity planning. (personal opinion)

Choice is luxury 😉

Regards,

Guilhem
