We have different versions of Solaris (8, 9, 10 and 11) and we would like to take the BSM audits and ingest them into Splunk. I know there's an old version of the solaris-bsm-audit-log-loader_14 which was written in 2011 for Splunk version 4. We tried it and it doesn't work.
Does anyone have a script that will ingest these audit logs into Splunk?
There is a facility for Solaris that will allow you to merge BSM logs into syslog, and you can then get them into Splunk. I know this works in 10 and 11; not sure about 9; pretty sure it does not work in 8. However, BSM in Solaris 8 does have the capability to export the BSM logs to text, so that might help.
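As an added illustration of the syslog route described in the answer above (this is not configuration from the original thread), the three pieces that wire the Solaris audit_syslog plugin to a Splunk Universal Forwarder on Solaris 10. The audit class selection in p_flags, the log file path, the sourcetype and the index are assumptions to adapt to your own audit policy.

```conf
# /etc/security/audit_control (Solaris 10): keep the binary trail, and additionally
# hand selected records to syslog. The plugin can only forward classes that are
# already audited by the "flags:" line, so p_flags must be a subset of it.
#   lo  = login/logout events
#   +as = successful administrative actions only
#   -ss = failed change-of-system-state events only
# (assumed selection; widen or narrow it to match what you actually audit)
flags:lo,as,ss
plugin:name=audit_syslog.so;p_flags=lo,+as,-ss
# Solaris 11 sets the same thing with:
#   auditconfig -setplugin audit_syslog active p_flags=lo,+as,-ss

# /etc/syslog.conf: the plugin logs at facility "audit". Write it to a local file
# rather than "@remote-host", since plain syslog over UDP is unauthenticated and
# lossy; the forwarder below ships it to Splunk over its own channel.
# The separator must be a TAB. Create the file with touch, then restart syslogd
# and run "audit -s" so the audit daemon rereads audit_control.
audit.notice	/var/adm/auditlog

# $SPLUNK_HOME/etc/system/local/inputs.conf on the Universal Forwarder
# (path, sourcetype and index are assumed names, not Splunk defaults)
[monitor:///var/adm/auditlog]
sourcetype = solaris:bsm:syslog
index = os
```

For the Solaris 8 fallback mentioned in the answer, the binary trail can be rendered to text with praudit (assuming its -l one-record-per-line option is present on that release) and the resulting file monitored the same way.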