Monitoring Splunk

Is there any risk to monitor .sh or .bat files?

xiyangyang
Path Finder

Is there any risk to monitor .sh or .bat files?

Tags (1)
0 Karma

xiyangyang
Path Finder

I see. thank you

0 Karma

nickhills
Ultra Champion

Your welcome!
If my answer solved your problem, please be sure to accept it (and upvote if your feeling generous) as it helps others who visit in the future to know it solved your problem.

If my comment helps, please give it a thumbs up!
0 Karma

nickhills
Ultra Champion

No more risk than any other file which might contain code samples or naughty words.

Splunk wont ever execute them, and will process all inputs a plain text - the only risk is the content of the files, and whether you are happy to index the content of them (passwords, keys etc)

If my comment helps, please give it a thumbs up!

Yunagi
Communicator

When specifically monitoring source code files, I was thinking that [fschange] instead of [monitor] might be a good idea. However, now I am reading that fschange is deprecated. What are your thoughts?

0 Karma

nickhills
Ultra Champion

If your just looking to index the files when they change, you can use a normal monitor statement, and set CHECK_METHOD = entire_md5 in props.conf which will trigger Splunk to reindex the whole file each time it changes.
https://docs.splunk.com/Documentation/Splunk/7.0.1/Admin/Propsconf#File_checksum_configuration

If my comment helps, please give it a thumbs up!
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...