Deployment Architecture
Highlighted

How can I configure my deployment server to search logs located in /opt/logs/tmcm?

New Member

I have an indexer host siem2 to collect forwarded logs from Trendmicro Control Manager and it stores it in path /opt/logs/tmcm/

I want to know how to configure in the deployment server host siem1 to search the logs?

0 Karma
Highlighted

Re: How can I configure my deployment server to search logs located in /opt/logs/tmcm?

Communicator

Jason,

Your deployment server handles clients, if 'siem2' is an indexer, it accepts data inputs. Therefore, on your indexer, you simply need to add a input for /opt/logs/tmcm/ like below.

::$SPLUNKHOME/etc/system/local/inputs.conf
[monitor:///opt/logs/tmcm]
index=<index of your choice>
#You do not need the whitelist (this is an example below and is commented out)
#If you want to include certain file names from the 'tmcm' directory
#whitelist=(\.log|log$|messages|secure|auth|mesg$|cron$|acpid$|\.out)
disabled = 0
0 Karma