Does the File/Directory app require a heavy forwarder? It appears to require Python.
It does require a heavy forwarder. However, version 1.1 is being designed to eliminate the need for Splunk's Python and will work with the system's Python. See http://lukemurphey.net/issues/1068.
Note that this would still require Python on the host's system.
Don't forget about the fschange stanza available in basic Splunk.
http://docs.splunk.com/Documentation/Splunk/6.3.0/admin/Inputsconf
Of course, I assume you already know this and need something more advanced, otherwise @LukeMurphey wouldn't have written his app.
Part of the reason that this app exists is because fschange has been deprecated since 2012 (if I recall correctly). The input is going to be supported as long as Splunk 4.3 is supported; it might be removed then.
Now that this is at Version 1.2, will it now work on a universal forwarder? I have tried unsuccessfully to install it on a UF, but just wanted to make sure that it should or should not work.
As of version 1.3, it does support Universal Forwarder provided the host has Python available (Python 2.7 is recommended).