Deployment Architecture

How to monitor logs on Linux directory?

pamelaferrari
New Member

I installed Splunk on a Windows machine. I have some applications that runs on a Linux server and generates daily logs on a specific Linux directory. I would like to monitor these logs from Splunk. I know there is the Splunk Universal Forwarder but first I would try to create a script on Splunk that runs an ssh (with cat logs file) and keeps the logs from the Linux directories.
Can you please explain me how can achieve this result? Can you give me an example?
Thank you very much
Regards

0 Karma

skalliger
Motivator

This would require writing your own file watcher (or using someone else's), transfering the files (think about transfering it securely) and also think about the future. You want to keep the footprint of the process on the target system low and maybe want to loadbalance events later to multiple directions.

But if you really don't want to just install the Universal Forwarder (which is recommended), you can always try to do it with a Scripted Input.

I really don't see a reason why you would want to implement such functionality yourself. The UF might not be good at filtering events, but he is good enough in gathering them.

Skalli

Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...