Process Solaris audit files into Splunk 7.2.5

New Member


I have a customer running both Solaris 11 and I need to monitor their Solaris audit data as kept in their Global Zones (this monitors all Zones).
How do I process this binary format file to retrieve only the latest log file (same way that DB-Connect App does).
I have TA for *NIX LINUX installed on their Splunk Server.
I want to be able to retrieve data such as: User Login information - failed; successfull with time of login and the number of attempts of unsuccessful logins etc.


0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!