Deployment Architecture

Which log files need to be configured in Splunk for different Platforms?

New Member

Hi Everyone,

My client has asked me the following questions:

"Can you tell me what to log exactly and need to forward to splunk?

In other words, which level of log is needed to meet the PCI requirement?

On most systems and appliances it is possible to set a specific log level. In normal situations there is chosen for a low log level because Disk and CPU usage.

For the following:
cisco router
windows server en workstation

Can you specify what the minimum is?"

Please can anyone suggest how to and which log files needs to be configured in Splunk for above mentioned Platforms?

Tags (3)
0 Karma


This question relates to way more that can be covered in a single answer in a Q&A forum. There are people working exclusively with things like this in PCI projects - a good knowledge of the different sections of the PCI DSS is as I see it more or less required to be able to answer these questions in your specific situation, because the requirements will vary depending on where your cardholder data is stored and how you're handling it.

My recommendation would be to bring in someone who knows log management and how it relates to PCI DSS, and have them assess your situation.

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...