
I want to monitor every change that happens to a directory and the files in it, including deletion of files

New Member

Hi,

I have configured Files & Directories monitoring by going to Data inputs -> Files & Directories, and when I do a search I am getting results with the information of changes (appended data). But when I tried to delete a file or create a few empty files or a folder within a monitored folder, these changes were not detected. I am especially interested in monitoring deletion of files with Splunk.

I am new to Splunk. Please let me know if this is possible. If yes, how can I achieve this? Do I need to add anything else in the input.conf file?

0 Karma

Path Finder

Is this Windows or *Nix?

Depending on your Splunk version, you could try an fschange input. The docs are here: http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/Monitorchangestoyourfilesystem

Here's some more info on how to do it on Windows: https://docs.splunk.com/Documentation/Splunk/7.1.1/Data/MonitorfilesystemchangesonWindows

As an alternative to FSChange, there are some Open Source (and not) solutions (i.e. TripWire).

0 Karma
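
The three changes the question lists (a deleted file, an empty file, a new folder) add no data to any existing file, so they only become visible when the directory's state is compared between two polls. An added example, not code from this thread or from Splunk: a small Python snapshot-and-diff that reports those cases next to an ordinary append; the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each path under root to ("dir", None) or ("file", sha256 hex)."""
    state = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            state[os.path.join(dirpath, name)] = ("dir", None)
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # file vanished or unreadable between listing and read
            state[path] = ("file", digest)
    return state

def diff(old, new):
    """Return sorted (action, kind, path) events between two snapshots."""
    events = [("deleted", old[p][0], p) for p in old.keys() - new.keys()]
    events += [("added", new[p][0], p) for p in new.keys() - old.keys()]
    events += [("modified", new[p][0], p)
               for p in old.keys() & new.keys() if old[p] != new[p]]
    return sorted(events)

def demo():
    """Constructed sample: one append, one delete, one empty file, one folder."""
    with tempfile.TemporaryDirectory() as root:
        log, old = os.path.join(root, "app.log"), os.path.join(root, "old.txt")
        for path in (log, old):
            with open(path, "w") as fh:
                fh.write("line 1\n")
        before = snapshot(root)
        with open(log, "a") as fh:
            fh.write("line 2\n")  # appended data: the only change with new content
        os.remove(old)            # deletion
        open(os.path.join(root, "empty.txt"), "w").close()  # empty file
        os.mkdir(os.path.join(root, "newdir"))              # new folder
        after = snapshot(root)
        return [(a, k, os.path.relpath(p, root)) for a, k, p in diff(before, after)]

if __name__ == "__main__":
    for event in demo():
        print("action=%s kind=%s path=%s" % event)
```

The key=value lines it prints are in a form that could be indexed as events, for instance by running the script on a schedule.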