Monitoring a Remote Directory for Changes WITHOUT ...

All Apps and Add-ons

HI All,

Long story short - I'm looking to monitor a remote directory for changes/new files/changes to files and send this information to Splunk. To re-emphasize, due to the nature of these files, I do NOT want to ingest the files themselves into Splunk. Metadata like, size, paths, owners, changes, etc. is what I am looking for.

I have discovered and set up Luke Murphey's "File/Directory Input" App - https://splunkbase.splunk.com/app/2776

However - After configuration, I'm not seeing anything come into Splunk...

M example path within this app on my Splunk Server (say 10.10.10.10) is set to something like this for my remote server directory:

10.10.10.20:/directory/to/watch/

Is this app capable of doing that remotely?

Should this path be something like user@ip:/path/to/folder ? Wouldn't I need ssh keys of sorts to do this?

If this app isn't the solution...

Is a Universal Forwarder able to be configured to do this monitoring and forward metadata without forwarding the files themselves?

Thanks in advance for any help.

Get Updates on the Splunk Community!

Monitoring a Remote Directory for Changes WITHOUT Ingesting files into Splunk?

configuration

development

troubleshooting

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?